SneakyEXE is a tool which helps you embedding UAC-Bypassing function into your custom Win32 payloads ( x86_64 architecture specifically )
Requirements
Linux | Windows | |
---|---|---|
Architecture | Optional | x86_64 |
Python 3.x > | YES | NO |
Module | termcolor | NO |
Distros | Any | Windows |
Version | Any | Windows 7,8,10 |
Also Read – Slackor : A Golang Implant That Uses Slack As A Command & Control Server
Usage
[ Linux ]:
This tool does require a python module called
termcolor
. When you run the script it will automatically install it if you haven’t, but if you want the tool to function faster, i would suggest you doing it manually before proceeding
$ pip3 install termcolor #installing termcolor
$ #Temporary usage only, installation below
$ git clone https://github.com/Zenix-Blurryface/SneakyEXE.git
$ cd SneakyEXE/Linux $ chmod +x sneakyexe.py
$ ./sneakyexe <option>=<path to payload/code> out=<where you wanna save>
[ Windows ]:
– NOTE – The payload can only be successfully executed by the user with Administrator privilege. Users with limited token wouldn’t succeed.
Installation
[ Linux ]:
$ git clone https://github.com/Zenix-Blurryface/SneakyEXE.git
$ cd SneakyEXE
$ chmod +x install.sh
$ sudo ./install.sh
[ Windows ]:
UNAVAILABLE
Build
Python 3.6.5
gcc (MinGW.org GCC-8.2.0-3) 8.2.0
for the payload compilationgcc gcc 8.2.0
( c11
) and a AMD64 machine with Windows 10(7/8) 64-bit installed.# Windows 10/7/8 (AMD64)
# Open cmd.exe / powershell.exe
>> gcc -mwindows -o <output>.exe /source/main.c
Python 3.5.6
( or higher ) with modules like Pyinstaller
, Pillow
and a AMD64 machine with Windows 10 (7/8) 64-bit installed.# Assume we already had Python preinstalled
# Open cmd.exe / powershell.exe
>> pip install pillow # Installing Pillow
>> pip install pyinstaller # Installing Pyinstaller
>> mkdir compile # Optional directory name
>> cd compile
>> pyinstaller –windowed –onefile –icon=Icon.ico /source/Win32/GUI.py
# For sysematic version ( /sys ), remove –onefile
>> cd dist
>> GUI.exe # The compiled executable :}
Disclaimer
abuse this tool
for any black-hat activitydon't reclaim the ownership
.Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…