![How to Encrypt Python Exploit So It Can Be FUD Again? [DOC EXPLOIT]](https://img.wonderhowto.com/img/31/73/63594733605714/0/encrypt-python-exploit-so-can-be-fud-again-doc-exploit.w1456.jpg)
Hello
I have a silent Doc exploit written in python for the CVE-2015-1650 and CVE-2015-1770 Remote Code Execution ,which had 0 rate detection 2 days ago , somehow a dumb moron uploaded it to virustotal and now it has 15/35 detection rate.
is there a tool or a method to encrypt the python file again so it will be FUD again?
Thanks
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Dox Anyone
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
Hack Like a Pro:
Abusing DNS for Reconnaissance
How To:
Map Wardriving Data with Jupyter Notebook
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Bypass File Upload Restrictions on Web Apps to Get a Shell
How To:
Top 10 Things to Do After Installing Kali Linux
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
How To:
Scrape Target Email Addresses with TheHarvester
How To:
Use Command Injection to Pop a Reverse Shell on a Web Server
How To:
Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
How To:
Pick an Antenna for Wi-Fi Hacking
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
23 Responses
People upload samples to VirusTotal because it's their responsibility as a security analyst or it's someone who doesn't want themselves to get infected so don't go around assuming that it's the behavior of a "dumb moron".
Back on topic: Do you know which part is detected?
the payload
Is it detected on disk or during runtime?
on disk i guess , for example Kaspersky detects it without being executed
Have you tried encrypting it and then decrypting it in memory?
No I didn't .... I have seen other uploads for the same exploit where the payload is being obfuscated ,from this \x7B\x5C\x72\x74\x66\x31\x7B\x61\x5C\x2A\x5C\x7D\x00\x65" to this 7B5C72740A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A"
Perhaps try one of these methods?
can you suggest some tools?
Do you know how to use Python?
basic knowledge
Use XOR to encrypt the shellcode, place the encrypted shellcode into the code, then write a routine to decrypt the buffer. When your code runs, make sure it decrypts the shellcode first before using it.
Thank you so much, a bit hard for me but I will try anyways
Would you please confirm if this shellcode crypter is useful ? Thanks!
http://hacklab.altervista.org/download/shellcodes_crypter_v0.2.c
As long as it's encrypted enough so that the antivirus cannot detect a signature, it's fine. Once you apply the encryption, you'll need the decryption routine inside your code to decode on runtime. For XOR, it should be the exact same operation.
import binascii
header = 'holhola"
binnu=binascii.b2a_hex(header)
print(binnu)
In order to correctly answer this question we need a bit more information like the full exploit code
To refud it you need to figure out what part of the code causes it to be detected like is it the shellcode or maybe the thing that Triggers the vulneribility
If it is the shellcode you can use shelter to generatie new shellcode
If it is the code that Triggers the vulnerebility you can try editing the code so that it still works
Another thing which i very common in buffer overflows is that they randomize the buffer so that the exploit always looks diffrent
ok check it!
this one has a different long shellcode , I've seen others
with shorter ones , thats why i thought maybe its possible to refud it
https://www.indetectables.net/viewtopic.php?f=7&t=54743
Anyone here??
this is cve-2014-1761 not the cve you stated , if your 2015 builder output is rtf send your jabber or skype
yes its rtf skype : saberdz17
I am still waiting for your message mate!
I have failed to encrypt the shellcode , Now i am trying to refud the output .DOC file with Hex editor and Offset locator
Amazing trick by MrTuxracer
https://www.rcesecurity.com/2016/04/slae-polymorphic-shellcodes-linux-x86/
Share Your Thoughts