From this command:

./PEzor.sh -64 -sgn -unhook -antidebug -text -syscalls -sleep=7 payload.bin

PEzor!! v3.0.3

Read the blog posts here:
https://iwantmore.pizza/posts/PEzor.html
https://iwantmore.pizza/posts/PEzor2.html
https://iwantmore.pizza/posts/PEzor3.html
https://iwantmore.pizza/posts/PEzor4.html

Based on:
https://github.com/TheWover/donut
https://github.com/EgeBalci/sgn
https://github.com/JustasMasiulis/inline_syscall
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher

[?] Forcing 64-bit architecture
[?] Final shellcode will be encoded with sgn
[?] Unhook enabled
[?] Anti-debug enabled
[?] Payload will be put in .text section
[?] Syscalls enabled
[?] Waiting 7 seconds before executing the payload
[?] Processing /media/sf_FUD/aaapayload/payload.bin
[?] PE detected: /media/sf_FUD/aaapayload/payload.bin: data
[?] Building executable
[?] Executing donut

[ Donut shellcode generator v0.9.3
[ Copyright (c) 2019 TheWover, Odzhan

Only the finest artisanal donuts are made of shells.

usage: donut [options] <EXE/DLL/VBS/JS>

examples:

-MODULE OPTIONS-

-n <name>            Module name for HTTP staging. If entropy is enabled, this is generated randomly.
-s <server>          HTTP server that will host the donut module.
-e <level>           Entropy. 1=None, 2=Use random names, 3=Random names + symmetric encryption (default)

-PIC/SHELLCODE OPTIONS-

-a <arch>            Target architecture : 1=x86, 2=amd64, 3=x86+amd64(default).
-b <level>           Bypass AMSI/WLDP : 1=None, 2=Abort on fail, 3=Continue on fail.(default)
-o <path>            Output file to save loader. Default is "loader.bin"
-f <format>          Output format. 1=Binary (default), 2=Base64, 3=C, 4=Ruby, 5=Python, 6=Powershell, 7=C#, 8=Hex
-y <addr>            Create thread for loader and continue execution at <addr> supplied.
-x <action>          Exiting. 1=Exit thread (default), 2=Exit process

-FILE OPTIONS-

-c <namespace.class> Optional class name. (required for .NET DLL)
-d <name>            AppDomain name to create for .NET assembly. If entropy is enabled, this is generated randomly.
-m <method | api>    Optional method or function for DLL. (a method is required for .NET DLL)
-p <arguments>       Optional parameters/command line inside quotations for DLL method/function or EXE.
-w                   Command line is passed to unmanaged DLL function in UNICODE format. (default is ANSI)
-r <version>         CLR runtime version. MetaHeader used by default or v4.0.30319 if none available.
-t                   Execute the entrypoint of an unmanaged EXE as a thread.
-z <engine>          Pack/Compress file. 1=None, 2=aPLib

[?] Executing sgn

(sgn ASCII-art banner: Author: Ege Balcı, v2.0.0)
┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻ (ノ ゜Д゜)ノ ︵ 仕方がない

2021/08/13 08:44:56 [MAIN] ERROR: open /tmp/shellcode.bin.donut: no such file or directory
od: /tmp/shellcode.bin: No such file or directory
/root/tools/PEzor/inject.cpp:7:14: fatal error: 'deps/inline_syscall/include/in_memory_init.hpp' file not found
#include "deps/inline_syscall/include/in_memory_init.hpp"
1 error generated.