Fi8sVrs

Winpayloads – Undetectable Windows Payload Generation


Winpayloads is a tool to provide undetectable Windows payload generation with some extras running on Python 2.7.

 


 

It provides persistence, privilege escalation, shellcode invocation and much more. The tool uses Metasploit's Meterpreter shellcode, injects the user's IP and port into the shellcode and writes a Python file that executes the shellcode using ctypes. This is then AES encrypted and compiled to a Windows executable using PyInstaller.

 

Features

 

  • UACBypass – PowerShellEmpire
  • PowerUp – PowerShellEmpire
  • Invoke-Shellcode
  • Invoke-Mimikatz
  • Invoke-EventVwrBypass
  • Persistence – Adds payload persistence on reboot
  • Psexec Spray – Spray hashes until successful connection and psexec payload on target
  • Upload to local webserver – Easy deployment
  • Powershell stager – allows invoking payloads in memory & more

 

Winpayloads also comes with a few features such as UAC bypass and payload persistence. These are PowerShell files that execute on the system when the Meterpreter gets a reverse shell. The UAC bypass is written by PowerShellEmpire; it uses an exploit to bypass UAC on local administrator accounts and creates a reverse Meterpreter running as local administrator back to the attacker's machine.

Winpayloads can also set up a SimpleHTTPServer to put the payload on the network to allow downloading on the target machine. It also has a psexec feature that will execute the payload on the target machine if supplied with usernames, domain, passwords or hashes.

 

Installation

 

  1. git clone https://github.com/nccgroup/winpayloads.git
  2. cd winpayloads
  3. ./setup.sh will set up everything needed for Winpayloads
  4. Start Winpayloads: ./Winpayloads.py
  5. Type ‘help’ or ‘?’ to get a detailed help page

 


  • Upvote 3
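
For defenders triaging a suspect executable: the post says the payload is compiled with PyInstaller, and a PyInstaller bundle carries an archive cookie that can be located and parsed statically. The following is an added example, not part of the original post or of the Winpayloads project; it assumes the PyInstaller 2.1+ CArchive cookie layout, the function names are hypothetical, and the sample bytes are constructed. A match only shows PyInstaller packaging, which plenty of legitimate software uses, so treat it as a cue for deeper inspection rather than a verdict.

```python
import struct

# PyInstaller CArchive cookie (2.1+ layout, assumed here): magic, package
# length, TOC offset, TOC length, Python version, Python library name.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIII64s")  # big-endian, 88 bytes


def find_pyinstaller_cookie(data):
    """Return parsed cookie fields if data embeds a PyInstaller archive, else None."""
    pos = data.rfind(MAGIC)
    while pos != -1:
        if pos + COOKIE.size <= len(data):
            _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
            archive_start = pos + COOKIE.size - pkg_len
            # Reject chance matches of the magic (the bootloader itself contains
            # it): the archive must fit in the file and the TOC in the archive.
            if archive_start >= 0 and toc_off + toc_len <= pkg_len:
                return {
                    "archive_offset": archive_start,
                    "python_version": pyver,  # e.g. 27 for Python 2.7
                    "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
                }
        pos = data.rfind(MAGIC, 0, pos)  # try an earlier occurrence
    return None


def constructed_sample():
    """Constructed stand-in for a bundled executable: stub + archive + cookie."""
    stub = b"MZ" + b"\x00" * 62            # not a real PE, just a placeholder
    body, toc = b"D" * 40, b"T" * 16       # placeholder archive data and TOC
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), 27, b"python27.dll")
    return stub + body + toc + cookie


if __name__ == "__main__":
    print(find_pyinstaller_cookie(constructed_sample()))
    # Trailing bytes after the cookie (for example a signature) do not hide it.
    print(find_pyinstaller_cookie(constructed_sample() + b"\x00" * 32))
    print(find_pyinstaller_cookie(b"MZ" + b"\x00" * 200))
```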
