Comments (5)
Hi @0xElessar, you're right, there was a bug with the signature when generating a native EXE. For the -dll
flag, I have to be honest, I think it's just confusing, and I'm gonna remove it in the near future. That flag would create a wrapper DLL around the executable. Let's say you run the following command:
python inceptor.py native topack.exe -o packed.exe --dll
The idea is that you would create two files:
- An exe
- A DLL which should execute a "drop and execute" kind of payload
Last bit. I'm gonna put a Wiki up soon. It's required to use the tool properly, I'm working on it at the moment.
Thank you, @klezVirus.
I get the point :) But it will be a pity if you remove features already present in the tool. That would be such a waste of time!
I successfully ran this:
python inceptor.py native c:\Repos\test1.raw -o testdll.exe --dll
I got two files:
- testdll.exe
- testdll.dll
But the shellcode is still present in the exe file :( So I am not sure why we need testdll.dll.
This feature would be great if it worked in this way:
- Exe and DLL file are created
- Exe file is totally safe and it is doing nothing apart from loading DLL file and executing a function in the DLL file
- DLL file contains all the payload with encoding/encryption/unhooking etc.
- DLL can be loaded with this EXE file, or directly with
rundll32 testdll.dll,anyfunctionname
I used such an approach to bypass an EDR product which kept reporting my .exe as malicious and refused to load it, even without any shellcode! Putting the protected shellcode within a DLL solved the problem.
Your tool is great because it introduces obfuscation and encoding/encryption in such an easy, flexible and automated way! A DLL with the payload is a much-needed feature now, as many EDR products do not detect DLL sideloading or especially DLL hijacking, which allows executing the payload in difficult scenarios!
Thanks.
UPDATE: I think you already have a similar feature in the tool :)
python inceptor.py native c:\Repos\test1.raw -o testdll2.dll --exports testaaa
dumpbin /exports testdll2.dll
Microsoft (R) COFF/PE Dumper Version 14.29.30133.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file testdll2.dll
File Type: DLL
Section contains the following exports for testdll2-temp.dll
00000000 characteristics
FFFFFFFF time date stamp
0.00 version
1 ordinal base
1 number of functions
1 number of names
ordinal hint RVA name
1 0 002021A0 PsychoBlastEP
rundll32 testdll2.dll,PsychoBlastEP
Yes, a Wiki will be extremely helpful :) Thanks.
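For anyone triaging a generated DLL who does not have dumpbin at hand, the export information it prints above can be read straight from the PE headers. The following is an added example, not part of this thread or of the Inceptor project: a small export-table reader in plain Python that reports ordinal, hint, RVA and name for every named export, the same columns dumpbin shows. The image it parses is constructed inline (a minimal PE32+ with a single .edata section; the DLL name and the export name PsychoBlastEP are taken from the dumpbin output above, the second export name is made up). It also flags forwarded exports, whose "RVA" points into the export directory at a forwarder string instead of at code, which dumpbin reports separately and which a naive reader would misreport as an entry point.

```python
import struct

IMAGE_FILE_DLL = 0x2000


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _read_cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_exports(data):
    """Return the named exports of a PE image (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +112 in PE32+ and +96 in PE32; the export table is directory 0.
    dd_off = opt + (112 if magic == 0x20B else 96 if magic == 0x10B else None)
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    exp_rva, exp_size = struct.unpack_from("<II", data, dd_off) if num_dirs else (0, 0)

    sections = []
    for i in range(nsections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))

    result = {"is_dll": bool(chars & IMAGE_FILE_DLL), "dll_name": None, "base": None, "exports": []}
    if exp_rva == 0:
        return result  # no export directory at all

    eo = _rva_to_offset(exp_rva, sections)
    (_c, _t, _maj, _min, name_rva, base, _nfuncs, nnames,
     funcs_rva, names_rva, ords_rva) = struct.unpack_from("<IIHHIIIIIII", data, eo)
    funcs_off = _rva_to_offset(funcs_rva, sections)
    names_off = _rva_to_offset(names_rva, sections)
    ords_off = _rva_to_offset(ords_rva, sections)
    result["dll_name"] = _read_cstring(data, _rva_to_offset(name_rva, sections))
    result["base"] = base

    for hint in range(nnames):
        name_ptr = struct.unpack_from("<I", data, names_off + 4 * hint)[0]
        ordinal_index = struct.unpack_from("<H", data, ords_off + 2 * hint)[0]
        func_rva = struct.unpack_from("<I", data, funcs_off + 4 * ordinal_index)[0]
        # A function RVA inside the export directory is a forwarder string ("OTHER.func"), not code.
        forwarder = None
        if exp_rva <= func_rva < exp_rva + exp_size:
            forwarder = _read_cstring(data, _rva_to_offset(func_rva, sections))
        result["exports"].append({
            "ordinal": base + ordinal_index, "hint": hint, "rva": func_rva,
            "name": _read_cstring(data, _rva_to_offset(name_ptr, sections)), "forwarder": forwarder,
        })
    return result


def build_sample_dll():
    """Constructed minimal PE32+ DLL with one .edata section and two named exports (test data only)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                      # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 1, 0xFFFFFFFF, 0, 0, 240, 0x2022)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x20B)                      # PE32+ magic
    struct.pack_into("<I", img, opt + 108, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 112, 0x2000, 0x80)        # export directory RVA / size
    sec = opt + 240
    img[sec:sec + 8] = b".edata\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x200, 0x2000, 0x200, 0x200)  # VSize, VA, RawSize, RawPtr
    raw = 0x200                                                  # file offset of RVA 0x2000
    struct.pack_into("<IIHHIIIIIII", img, raw, 0, 0xFFFFFFFF, 0, 0, 0x2028, 1, 2, 2, 0x2040, 0x2048, 0x2050)
    img[raw + 0x28:raw + 0x35] = b"testdll2.dll\0"
    struct.pack_into("<II", img, raw + 0x40, 0x21A0, 0x21C0)     # AddressOfFunctions
    struct.pack_into("<II", img, raw + 0x48, 0x2060, 0x2070)     # AddressOfNames
    struct.pack_into("<HH", img, raw + 0x50, 0, 1)               # AddressOfNameOrdinals
    img[raw + 0x60:raw + 0x6E] = b"PsychoBlastEP\0"
    img[raw + 0x70:raw + 0x7D] = b"SecondExport\0"
    return bytes(img)


if __name__ == "__main__":
    info = parse_exports(build_sample_dll())
    print(f"{info['dll_name']} (DLL={info['is_dll']}) ordinal base {info['base']}")
    print("ordinal hint RVA      name")
    for e in info["exports"]:
        tail = f" -> {e['forwarder']}" if e["forwarder"] else ""
        print(f"{e['ordinal']:7} {e['hint']:4} {e['rva']:08X} {e['name']}{tail}")
```

Point it at a real file with `parse_exports(open(path, "rb").read())`; the column layout mirrors dumpbin's, so the output is easy to compare against the listing above when checking that a build exported what was requested.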
Hi @0xElessar, I've started the Wiki, let me know if you notice something missing that you would like to see there. Again, thanks for your feedback, it's extremely valuable!
No problem, @klezVirus. My pleasure!
Thank you. The Wiki looks great. Signing examples... so helpful!!!
I am going to check the modules examples, but first I need to install the new version. But there is a problem :( Unlucky me :(
Hi @0xElessar, closing for now, feel free to reopen in case.