search

oddcod3 / Phantom-Evasion

Python antivirus evasion tool
GNU General Public License v3.0
1.39k stars 334 forks source link

error while compiling #84

Open sudo-WearTherinG opened 4 years ago

sudo-WearTherinG commented 4 years ago

[+] MODULE DESCRIPTION:

Pure C reverse tcpstager compatible with metasploit and cobaltstrike beacon [>] Local process stage execution type:

Thread
APC

[>] Local Memory allocation type:

Virtual_RWX
Virtual_RW/RX
Virtual_RW/RWX
Heap_RWX

[>] AUTOCOMPILE format: exe,dll

Press Enter to continue:

[>] Insert Target architecture (default:x86):

[>] Insert LHOST: 192.168.1.107

[>] Insert LPORT: 443

[>] Insert Exec-method (default:Thread):

[>] Insert Memory allocation type (default:Virtual_RWX):

[>] Insert Junkcode Intesity value (default:10):

[>] Insert Junkcode Frequency value (default: 10):

[>] Insert Junkcode Reinjection Frequency (default: 0):

[>] Insert Evasioncode Frequency value (default: 10):

[>] Dynamically load windows API? (Y/n):y

[>] Add Ntdll api Unhooker? (Y/n):y

[>] Masq peb process? (Y/n):y

[>] Insert fake process path?(default:C:\windows\system32\notepad.exe):

[>] Insert fake process commandline?(default:empty):

[>] Strip executable? (Y/n):y

[>] Use certificate spoofer and sign executable? (Y/n):y

[>] Insert url target for certificate spoofer (default:www.windows.com:443):

[>] Insert certificate description (default:Notepad Benchmark Util):

[>] Insert output format (default:exe):

[>] Insert output filename:filename.exe

[>] Generating code...

[>] Compiling...

[>] Strip binary...

[>] Sign Executable

Traceback (most recent call last): File "phantom-evasion.py", line 402, in CompleteMenu() File "phantom-evasion.py", line 125, in CompleteMenu Phantom_lib.ModuleLauncher(module_type) File "Setup/Phantom_lib.py", line 964, in ModuleLauncher ExeSigner(ModOpt["Outfile"],ModOpt["SpoofCert"],ModOpt["descr"]) File "Setup/Phantom_lib.py", line 439, in ExeSigner pfx = crypto.PKCS12Type() AttributeError: module 'OpenSSL.crypto' has no attribute 'PKCS12Type'

root@kali:~/tools/Phantom-Evasion#

Runned script in python and python3

Os kali linux

Linux kali 5.8.0-kali3-amd64 #1 SMP Debian 5.8.14-1kali1 (2020-10-13) x86_64 GNU/Linux

OS5100 commented 3 years ago

Have a look at /Phantom-Evasion/Setup/Phantom_lib.py and search in file for 'pfx = crypto' The attribute is stated as PKCS12Type

Compare it with the attribute in /usr/lib/python3/dist-packages/OpenSSL/crypto.py and you will find out that it should be simply PKCS12

To fix this, change it in /Phantom-Evasion/Setup/Phantom_lib.py from PKCS12Type to PKCS12

sukusec301 commented 2 years ago

What a nice soluation!

dharmareddy089 commented 2 years ago

really worked like a charm but make sure not to change ( ) just type PKCS12( ) in place of pfx = crypto