optiv / freeze.rs
Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
License: MIT License
Hello,
I'm testing your packer, and it seems that the embedded shellcode is not executing properly.
I generated the shellcode with the following command:
msfvenom --platform Windows -p windows/x64/exec CMD=calc.exe -f raw -o calc.raw
Then, I used Freeze.rs like this:
git clone https://github.com/optiv/Freeze.rs.git
cd Freeze.rs/
cargo run -- --Input calc.raw --console -O calc.exe
When executed, the packer is looping and spamming suspended Notepad.exe processes. The shellcode is thus not executed:
To make sure that the shellcode is working properly, I tested with RustPacker using the following command:
cargo run -- -f shared/calc.raw -i syscrt -e aes
This time, the shellcode is properly executed:
The target system I tested Freeze.rs against is a Windows 11 Pro 21H2.
All the best,
Nariod
Hello,
I wanted to inform you that I encountered some issues while using your program. The following errors were detected: E0405, E0412, E0432, E0433, E0463.
I found that these errors come with detailed explanations and that more information can be obtained by using the command rustc --explain E0405.
When attempting to compile typenum using the cargo build command, it was reported that there were 150 previous errors, and the command ultimately failed.
I hope you can assist me in resolving this issue. Thank you in advance for your efforts.
Best regards,
Hi,
I've tried a couple of payloads, as I wasn't sure in which format they should be: from a simple meterpreter, mimikatz and some .NET code. With the command
./Freeze-rs -c -p notepad.exe -I examples/psshell.bin -O psshell.exe
The code compiles and I can execute it on Windows, but the process crashes. I can see notepad.exe started briefly before WerFault.exe. Similarly, if I use PELoader, it starts the process and then everything crashes. I wonder if the payload needs to be very specific or if it's something else.
C:\Users\localadmin\Downloads>ps-freeze.exe
[*] Patching ETW...
[*] Created Suspended Process 9976
[*] Selected Module: ntdll.dll
[*] Creating Handle to Suspend Process
[*] Module's Base Address: 0x00007ffb519d0000
[*] Offset of .Text Section: 0x1000
[*] Full Address Mappuing: 0x7ffb519d1000
[*] Size: 1151438
[+] Parsing Our Proccess's Ntdll.dll Structure
[+] Restoring Our Proccess's Ntdll.dll .Text Space
[+] Hooks Flushed Out
[*] Repatching ETW...
[*] Executing Shellcode
[*] Calling NtAllocateVirutalMemory
[*] Calling NtWriteVirtualMemory
[*] Calling NtProtectVirtualMemory
C:\Users\localadmin\Downloads>
[!] Selected Process to Suspend: notepad.exe
[] Encrypting Shellcode Using AES Encryption
[] Shellcode Encrypted
[*] Created new Rust project: 1
thread 'main' panicked at 'Failed to open Cargo.toml: Os { code: 3, kind: NotFound, message: "系统找不到指定的路径。" }', build\src/build.rs:30:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Hi, I am looking to find a way to use Freeze to encrypt Cobalt payloads. I was attempting it with the Golang version but it didn't work, so now I am trying to make this Rust version work.
I am facing the error posted below; it says "No such file or directory" }', build/src/build.rs:23:10
Could you help to understand what I am missing?
Thank you