Changelog v-2.0-dev.1.0: gemspec — Require Ruby >= 2.0.0. Options –authorized-by — Fixed expected type (Integer => String). HTTP request_timeout — Lowered from 50 to 10…
VBScript obfuscation to allow PenTesters bypass countermeasures. Output Example:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
C:\tools>python obfuscator.py test.vbs out.vbs Char 109 -> 5505-5396 Char 115 -> 1113775/9685 Char 103 -> 540853/5251 Char 98 -> -2629+2727 Char 111 -> 291-180 Char 120 -> 826320/6886 Char 32 -> 118016/3688 Char 34 -> -2379+2413 Char 72 -> 2401-2329 Char 101 -> -1347+1448 Char 108 -> 759780/7035 Char 108 -> 5391-5283 Char 111 -> 743700/6700 Char 32 -> 7654-7622 Char 87 -> 636927/7321 Char 111 -> -46+157 Char 114 -> 7591-7477 Char 108 -> -9028+9136 Char 100 -> 285800/2858 Char 33 -> 5241-5208 Char 34 -> 7209-7175 Char 44 -> 234080/5320 Char 32 -> 104352/3261 Char 118 -> -3369+3487 Char 98 -> -7575+7673 Char 79 -> -9140+9219 Char 107 -> 4317-4210 Char 79 -> -5433+5512 Char 110 -> -1294+1404 Char 108 -> 6672-6564 Char 121 -> 1109-988 Char 32 -> 166080/5190 Char 43 -> 95675/2225 Char 32 -> 3156-3124 Char 118 -> -9572+9690 Char 98 -> -3093+3191 Char 73 -> 53947/739 Char 110 -> -2239+2349 Char 102 -> 554982/5441 Char 111 -> 4953-4842 Char 114 -> 907440/7960 Char 109 -> 3406-3297 Char 97 -> 3570-3473 Char 116 -> 3624-3508 Char 105 -> 137130/1306 Char 111 -> 632-521 Char 110 -> 8712-8602 Char 44 -> 94468/2147 Char 32 -> 14176/443 Char 34 -> 884/26 Char 84 -> -9768+9852 Char 104 -> -5195+5299 Char 105 -> 706335/6727 Char 115 -> 6469-6354 Char 32 -> 250304/7822 Char 105 -> -9605+9710 Char 115 -> 771190/6706 Char 32 -> -1319+1351 Char 97 -> 674053/6949 Char 32 -> -6907+6939 Char 109 -> 3365-3256 Char 101 -> 170791/1691 Char 115 -> 17020/148 Char 115 -> 3217-3102 Char 97 -> -6948+7045 Char 103 -> -9545+9648 Char 101 -> 9670-9569 Char 98 -> 926002/9449 Char 111 -> 130869/1179 Char 120 -> 255600/2130 Char 34 -> -1384+1418 Char 42 -> 1784-1742 Done! |
Results (comparison)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
First Output: Dim SzVeVmXkoEZx, LALrsGQYjZtj, kLTOaGJfsmSG SzVeVmXkoEZx = "6974-6865*602140/5236*45732/444*-8743+8841*8842-8731*5179-5059*-4646+4678*892-858*5573-5501*129-28*9855-9747*-6681+6789*-9095+9206*257184/8037*311721/3583*-7211+7322*741684/6506*-5620+5728*241300/2413*198-165*-9925+9959*6380-6336*5552-5520*-9222+9340*569-471*-6484+6563*6988-6881*128533/1627*-5150+5260*4828-4720*5616-5495*6062-6030*5407-5364*313728/9804*-9272+9390*-767+865*3735-3662*-2705+2815*-4151+4253*73704/664*-9531+9645*-7310+7419*-1882+1979*3171-3055*9554-9449*2676-2565*-1012+1122*107448/2442*4055-4023*-6753+6787*2058-1974*-5464+5568*428610/4082*2479-2364*-3013+3045*-9195+9300*128225/1115*56448/1764*-6899+6996*161760/5055*253752/2328*756288/7488*-4081+4196*29900/260*-3164+3261*-6830+6933*-6580+6681*-8764+8862*861360/7760*330840/2757*-2407+2441" LALrsGQYjZtj = Split(SzVeVmXkoEZx, chr(eval(261366/6223))) for each SKhxsIKQEybA in LALrsGQYjZtj kLTOaGJfsmSG = kLTOaGJfsmSG & chr(eval(SKhxsIKQEybA)) next execute(kLTOaGJfsmSG) Second output: Dim wEQHvB, vsSBaV, pwgtko wEQHvB = "-1912+2021*168-53*938948/9116*5796-5698*666666/6006*938-818*-4889+4921*-9635+9669*302112/4196*-9587+9688*-4950+5058*1012608/9376*-6763+6874*235232/7351*-8833+8920*412920/3720*1007190/8835*594432/5504*-5605+5705*1113-1080*9516-9482*347644/7901*181536/5673*198712/1684*615734/6283*779-700*6051-5944*-2574+2653*172370/1567*2086-1978*681472/5632*4765-4733*-2746+2789*54880/1715*2593-2475*733040/7480*-5259+5332*-7261+7371*103326/1013*-8585+8696*7371-7257*6640-6531*4564-4467*-6527+6643*62265/593*-1349+1460*2314-2204*-5438+5482*-5860+5892*4779-4745*1086-1002*-265+369*1276-1171*2588-2473*-2914+2946*101850/970*698050/6070*181760/5680*3610-3513*236896/7403*5004-4895*4565-4464*720245/6263*812360/7064*3582-3485*36977/359*4691-4590*482944/4928*-773+884*546720/4556*5235-5201" vsSBaV = Split(wEQHvB, chr(eval(1039-997))) for each KxRKRt in vsSBaV pwgtko = pwgtko & chr(eval(KxRKRt)) next execute(pwgtko) |
Python Script :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
#!/usr/bin/python import random, sys, string #We need 3 params #Script-name, input-file, output-file if len(sys.argv) <> 3: print "Usage: python obfuscator.py inFile.vbs outFile.vbs" sys.exit() #Splitter is set to be the "*" symbol, #since we are not using it in obfuscation splitter = str(chr(42)) #Randomly capitalize each character def randCapitalization(characters): capicharacter = "" for character in characters: lowup = random.randrange(0,2) if lowup == 0: capicharacter += character.upper() if lowup == 1: capicharacter += character.lower() return capicharacter #Random function names NUM_OF_CHARS = random.randrange(5, 60) pld = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS)) array = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS)) temp = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS)) x = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS)) #Function to fill encBody variable #with the obfuscated content def obfu(body): encBody = "" for i in range(0, len(body)): if encBody == "": encBody += expr(ord(body[i])) else: encBody += "*" + expr(ord(body[i])) return encBody #Random mathematical expression decision def expr(char): range = random.randrange(100, 10001) exp = random.randrange(0, 3) if exp == 0: print "Char " + str(char) + " -> " + str((range+char)) + "-" + str(range) return str((range+char)) + "-" + str(range) if exp == 1: print "Char " + str(char) + " -> " + str((char-range)) + "+" + str(range) return str((char-range)) + "+" + str(range) if exp == 2: print "Char " + str(char) + " -> " + str((char*range)) + "/" + str(range) return str((char*range)) + "/" + str(range) #Open the source and destination files clear_text_file = open(sys.argv[1], "r") obfuscated_file = open(sys.argv[2], "w") #Write to destination file obfuscated_file.write(randCapitalization("Dim " + pld + ", " + array + ", " + temp) + "\n") obfuscated_file.write(randCapitalization(pld + " = ") + chr(34) + obfu(clear_text_file.read()) + chr(34) + "\n") obfuscated_file.write(randCapitalization(array + " = Split(" + pld + ", chr(eval(") + obfu(splitter) + ")))\n") obfuscated_file.write(randCapitalization("for each " + x + " in " + array) + "\n") obfuscated_file.write(randCapitalization(temp + " = " + temp + " & chr(eval(" + x) + "))\n") obfuscated_file.write(randCapitalization("next") + "\n") obfuscated_file.write(randCapitalization("execute(" + temp) + ")\n") #Close file handles before exit clear_text_file.close() obfuscated_file.close() print "Done!" |
Source : https://github.com/kkar
Changelog 05/06/2015: + Add a potential packetCount to the attack log + Fix attack log bug and remove superfluous print + Add AF_PACKET support +…
Chagelog 04/06/2015: – Initial Crash Report about com.whatsapp – New UI – Features list This is a tool to analyze android, linux and windows, to…
Changelog Parrot 2.0rc6+: + UPGRADE Due to the upgrade problems from debian wheezy to debian jessie, the upgrade from parrot 1.9 and parrot 2.0 will…
Released.: 2.20.1 [5.29.2015]: + Modified.: Python payloads now include McAfee bypass… oh antivirus…. avlol Veil-Evasion is a tool designed to generate metasploit payloads that bypass…
VDiscover is a tool designed to train a vulnerability detection predictor. Given a vulnerability discovery procedure and a large enough number of training testcases, it…
NOTE: “THIS CODE IS NOT FOR EDUCATIONAL PURPOSE” UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors…