
A tool to bruteforce the encryption key and GUID for AzoRult 3.3


NexusFuzzy/AzoBrute

AzoBrute

A tool to bruteforce the encryption key and GUID for AzoRult 3.2 and 3.3 using a Known-Plaintext Attack.

This script bruteforces the XOR key used to encrypt the traffic sent via POST to the AzoRult server. Afterwards, it automatically extracts the GUID, which you can then use for AzoSPam. One way to capture those requests is Burp Suite, which can save a request to a file.

Note: This project is still a work in progress. Bruteforcing the key takes several minutes, depending on your CPU.

How To

Open Burp and execute the AzoRult malware (in a secure environment - don't make your CISO upset!)

Right-click > Copy to file

Then use azobrute.py to decrypt the request. Please note that normal C2 traffic consists of two POST requests: a short "check-in" followed by a larger request containing the credentials, cookies, etc.


This should give you a file like this:


This file can then be used as input, which should produce the decrypted output, saved to a file:

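The known-plaintext attack described above, sketched as an added example (not AzoBrute's own code): it assumes a short repeating XOR key and a plaintext fragment (the crib) that the analyst already knows appears somewhere in the captured request, and derives the key directly from that fragment. The key, request body and crib are constructed sample values, not real AzoRult traffic, and the function names are hypothetical.

```python
from itertools import cycle

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def key_from_crib(ct: bytes, crib: bytes, offset: int, key_len: int):
    """Derive the key assuming `crib` is the plaintext at `offset`.

    Returns None when the implied keystream does not repeat every `key_len` bytes.
    """
    key = [None] * key_len
    for i, p in enumerate(crib):
        slot = (offset + i) % key_len      # key byte that covered this position
        k = ct[offset + i] ^ p             # ciphertext XOR plaintext = key byte
        if key[slot] is None:
            key[slot] = k
        elif key[slot] != k:               # contradiction: wrong offset or length
            return None
    return bytes(key)

def recover_key(ct: bytes, crib: bytes, max_key_len: int = 8):
    """Return (key, offset) for the shortest key consistent with the crib, else None."""
    for key_len in range(1, max_key_len + 1):
        if len(crib) <= key_len:
            break  # no spare crib bytes left to confirm a candidate
        for offset in range(len(ct) - len(crib) + 1):
            key = key_from_crib(ct, crib, offset, key_len)
            if key is not None:
                return key, offset
    return None

# Constructed sample (assumption): made-up key, request body and crib.
SAMPLE_KEY = bytes.fromhex("a13f5c")
SAMPLE_BODY = b"hello-c2|guid=SAMPLE-GUID-0001|os=Windows 10 Pro|user=lab"
SAMPLE_CT = xor_repeat(SAMPLE_BODY, SAMPLE_KEY)
CRIB = b"|os=Windows"

if __name__ == "__main__":
    key, offset = recover_key(SAMPLE_CT, CRIB)
    print(key.hex(), offset, xor_repeat(SAMPLE_CT, key))
```

A longer crib leaves more bytes to confirm each candidate, which is what rules out accidental matches at the wrong offset or key length.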
