update V1.8

lengjibo · Jan 26, 2021 · 5718ae3 · 5718ae3
1 parent a5186ea
commit 5718ae3
Show file tree

Hide file tree

Showing 16 changed files with 210 additions and 58 deletions.
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/BypassFramework.py b/BypassFramework.py
@@ -3,6 +3,7 @@
 from core.functions import *
 import readline
 from module.memory.CreateFiber import *
+from module.UUID.UUID_bypass import *
 from module.memory.QueueUserAPC import *
 from module.Separation.imageShell import *
 from module.darkexe.darkexe import *
@@ -122,6 +123,29 @@
                                     break
                             except EOFError:
                                 print(" ")
+                    if exe_command.strip(" ")[0] == "4":
+                        while True:
+                            try:
+                                bypass4_command = input("\033[4mFourEye(shellcode_bypass4)\033[0m" + colored(" >>", "green"))
+                                if bypass4_command == "UUID":
+                                    UUIDSehllcode()
+                                if bypass4_command == "x86":
+                                    flag = 1
+                                if bypass4_command == "x64":
+                                    flag = 2
+                                if bypass4_command == "execute":
+                                    if flag == 1:
+                                        x86_uuid_execute()
+                                    elif flag == 2:
+                                        x64_uuid_execute()
+                                if bypass4_command == "exit":
+                                    sys.exit()
+                                if bypass4_command == "back":
+                                    break
+
+                            except EOFError:
+                                print(" ")
+
 
                 except EOFError:
                     print(" ")

diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@
                                  \|   
 
 
-                    v1.7 stable !
+                    v1.8 stable !
                     author lengyi@HongHuSec Lab !
 
  FourEye BypassFrameWork | BypassAV your shellcode && exe 
@@ -88,6 +88,8 @@ https://www.bilibili.com/video/BV1b54y1x7RT
 
 2021.01.09: 隐藏窗口
 
+2021.01.26: 增加UUID免杀方法
+
 
 ## TODO
 

diff --git a/core/__pycache__/functions.cpython-38.pyc b/core/__pycache__/functions.cpython-38.pyc
diff --git a/core/functions.py b/core/functions.py
@@ -32,6 +32,7 @@ def bypass_list():
     print(colored("[+] BypassAV1：Shellcode Launcher using Fibers", "red"))
     print(colored("[+] BypassAV2：Shellcode Launcher using QueueUserAPC", "red"))
     print(colored("[+] BypassAV3：Shellcode Launcher using PNG", "red"))
+    print(colored("[+] BypassAV4：Shellcode Launcher using UUID", "red"))
 
 def help():
     print(colored("Available commands to use :\n","cyan"))
@@ -60,7 +61,7 @@ def x86cpp_execute():
 def x64c_execute():
     try:
         os.system('x86_64-w64-mingw32-gcc ' + '/root/shellcode.c' + ' -o ' + '/root/shellcode.exe' + " --static" + " -w")
-        os.system('rm -rf '+ '/root/shellcode.c')
+        #os.system('rm -rf '+ '/root/shellcode.c')
         print(colored("[+]shellcode compoile at /root/shellcode.exe\n","cyan"))
     except:
         print(colored("[-]error\n","cyan"))
@@ -73,9 +74,24 @@ def x86c_execute():
     except:
         print(colored("[-]error\n","cyan"))
 
+def x86_uuid_execute():
+    try:
+        os.system('x86_64-w64-mingw32-gcc ' + '-m32 ' + '/root/shellcode.c' + ' -o ' + '/root/shellcode.exe' + " --static" + " -w" + " -lrpcrt4")
+        os.system('rm -rf '+ '/root/shellcode.c')
+        print(colored("[+]shellcode compoile at /root/shellcode.exe\n","cyan"))
+    except:
+        print(colored("[-]error\n","cyan"))
+
+def x64_uuid_execute():
+    try:
+        os.system('x86_64-w64-mingw32-gcc ' + '/root/shellcode.c' + ' -o ' + '/root/shellcode.exe' + " -lrpcrt4" + " --static" + " -w")
+        os.system('rm -rf '+ '/root/shellcode.c')
+        print(colored("[+]shellcode compoile at /root/shellcode.exe\n","cyan"))
+    except:
+        print(colored("[-]error\n","cyan"))
 
 def banner():
-    version = '\33[43m V1.0 Beta \033[0m'
+    version = '\33[43m V1.8 Beta \033[0m'
     Yellow = '\33[33m'
     OKGREEN = '\033[92m'
     CRED = '\033[91m'
@@ -92,7 +108,7 @@ def banner():
                                  \|   
 {1}
 
-                    {3}v1.7 stable !{1}
+                    {3}v1.8 stable !{1}
                     {3}author lengyi@HongHuSec Lab !{1}
 
 {2} FourEye BypassFrameWork | BypassAV your shellcode && exe {1}

diff --git a/module/Separation/__pycache__/imageShell.cpython-38.pyc b/module/Separation/__pycache__/imageShell.cpython-38.pyc