tylous / zipexec
A unique technique to execute binaries from a password protected zip
License: MIT License
It looks like it extracts the zipfile into %TEMP%\Temp1_xxxx.zip (where xxxx is the zipfile name), then runs it from there, then deletes it. Do you know if there is any way to change the destination of this? I looked and couldn't find a way to do this but wondering if you knew anything off the top of your head.
Side note, thanks for publishing this tool, it's awesome!
EDIT: this looks like the same behavior as executing from the Windows zip GUI, disregard.
The following command is run:
ZipExec -I shell.exe -O loader.js -sandbox
and the only thing it returns is shell.rar.
The loader.js file is not generated, and I have a question, since it is said to execute binaries
without decompressing. What is the command?
Thanks in advance, it looks interesting, it's just that there isn't much documentation about it.
Hi,
I am trying to unzip a file and I don't think I quite understand how to. I tried to execute the loader.js from cmd with $> node loader.js
and it gave a syntax error saying "Identifier 'GIhtL' has already been declared". What's the correct way of unzipping?
Side note: I'm a new learner so it might be a silly question.
Any assistance with changing the cryptor pattern or stub
Malicious File: Dark Comet Trojan
Nothing happens when running loader.js.
Should I use a meterpreter shell or something?
Hi,
Sometimes a loader.js cannot unzip the file when loader.js is executed via cscript.exe. However, in this case, I can see the zip file under the %TMP% directory. In another case, I can confirm that loader.js is working properly on my computer, but it doesn't work on another computer with the same build number and OS. In the second case, I am getting the same error. The screenshot of the given error can be seen below:
Dear developer, if there is a possibility, make a video on working with this marvel or write a guide.
Wow, that is very sneaky! Is there a way to do this on Linux or Mac?
Hello,
I just tested your PoC, and I'm probably doing it wrong. Actually, I compiled it on Debian Buster, and I use this command line:
./ZipExec -I /home/user/artifact.exe -O /home/user/loader.js -sandbox
And I run the loader.js on a Windows 10 virtual machine, but nothing happens. I edited the path in the .js file to avoid a weird Linux path in it, but it's the same result.
If I check in the %temp% directory, I don't have any zip file, so I tried to execute it with cscript, and I don't have any exceptions.
I'm interested if you have an idea.