![How to Encrypt Python Exploit So It Can Be FUD Again? [DOC EXPLOIT]](https://img.wonderhowto.com/img/31/73/63594733605714/0/encrypt-python-exploit-so-can-be-fud-again-doc-exploit.w1456.jpg)
Hello
I have a silent Doc exploit written in python for the CVE-2015-1650 and CVE-2015-1770 Remote Code Execution ,which had 0 rate detection 2 days ago , somehow a dumb moron uploaded it to virustotal and now it has 15/35 detection rate.
is there a tool or a method to encrypt the python file again so it will be FUD again?
Thanks
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
How To:
Spy on Traffic from a Smartphone with Wireshark
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Detect Script-Kiddie Wi-Fi Jamming with Wireshark
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
Become an Elite Hacker Part 4:
Hacking a Website. [Part 1]
How To:
Perform Advanced Man-in-the-Middle Attacks with Xerosploit
How To:
Escape Restricted Shell Environments on Linux
How To:
Use MDK3 for Advanced Wi-Fi Jamming
How To:
Use the Chrome Browser Secure Shell App to SSH into Remote Devices
How To:
The Top 80+ Websites Available in the Tor Network
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Find OSINT Data on License Plate Numbers with Skiptracer
How To:
Brute-Force Nearly Any Website Login with Hatch
The Hacks of Mr. Robot:
How to Send a Spoofed SMS Text Message
Video:
How to Crack Weak Wi-Fi Passwords in Seconds with Airgeddon on Parrot OS
How To:
Use an ESP8266 Beacon Spammer to Track Smartphone Users
How To:
Create Packets from Scratch with Scapy for Scanning & DoSing
Antivirus Bypass:
Friendly Reminder to Never Upload Your Samples to VirusTotal
23 Responses
People upload samples to VirusTotal because it's their responsibility as a security analyst or it's someone who doesn't want themselves to get infected so don't go around assuming that it's the behavior of a "dumb moron".
Back on topic: Do you know which part is detected?
the payload
Is it detected on disk or during runtime?
on disk i guess , for example Kaspersky detects it without being executed
Have you tried encrypting it and then decrypting it in memory?
No I didn't .... I have seen other uploads for the same exploit where the payload is being obfuscated ,from this \x7B\x5C\x72\x74\x66\x31\x7B\x61\x5C\x2A\x5C\x7D\x00\x65" to this 7B5C72740A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A"
Perhaps try one of these methods?
can you suggest some tools?
Do you know how to use Python?
basic knowledge
Use XOR to encrypt the shellcode, place the encrypted shellcode into the code, then write a routine to decrypt the buffer. When your code runs, make sure it decrypts the shellcode first before using it.
Thank you so much, a bit hard for me but I will try anyways
Would you please confirm if this shellcode crypter is useful ? Thanks!
http://hacklab.altervista.org/download/shellcodes_crypter_v0.2.c
As long as it's encrypted enough so that the antivirus cannot detect a signature, it's fine. Once you apply the encryption, you'll need the decryption routine inside your code to decode on runtime. For XOR, it should be the exact same operation.
import binascii
header = 'holhola"
binnu=binascii.b2a_hex(header)
print(binnu)
In order to correctly answer this question we need a bit more information like the full exploit code
To refud it you need to figure out what part of the code causes it to be detected like is it the shellcode or maybe the thing that Triggers the vulneribility
If it is the shellcode you can use shelter to generatie new shellcode
If it is the code that Triggers the vulnerebility you can try editing the code so that it still works
Another thing which i very common in buffer overflows is that they randomize the buffer so that the exploit always looks diffrent
ok check it!
this one has a different long shellcode , I've seen others
with shorter ones , thats why i thought maybe its possible to refud it
https://www.indetectables.net/viewtopic.php?f=7&t=54743
Anyone here??
this is cve-2014-1761 not the cve you stated , if your 2015 builder output is rtf send your jabber or skype
yes its rtf skype : saberdz17
I am still waiting for your message mate!
I have failed to encrypt the shellcode , Now i am trying to refud the output .DOC file with Hex editor and Offset locator
Amazing trick by MrTuxracer
https://www.rcesecurity.com/2016/04/slae-polymorphic-shellcodes-linux-x86/
Share Your Thoughts