Thanks for watching, John! That's not a bad idea. I'm sure to be doing more obfuscation and FUD stuff in the future, so it makes sense that I should organize those into a Playlist 😎👍
@@daniellowrie That would be FANTASTIC!! No matter what you do, your method of explanation on complex cyber topics is indispensable to the community, so thank you! Rock on, Brother! 🤘🏽
That's a great question. XOR is a common function and many Android APKs are written in Java and C++, which msfvenom supports, so I think you could do this for Android payloads, but I've never messed with it though.
hmm isnt there an option in metasploit to dynamicaly xor enocde the payload, its good to learn to code the xor encryption as u can be more self reliant but if i do it in any of the both ways its gonna be serving the same purpose of encryption right no difference in xor encrypting either ways right , and also this metasloit payload code does it have to work with the meterprter session itself ? if the code is generated could it be used with any c2 of ur liking by copy pasting the payload to establish a connection using the c2
You are correct that metasploit has a xor encryption for payloads, but you're also correct that we should be learning how to do these things for ourselves so that we don't have to rely on tools for everything. I've had xor encoded metasploit payloads get popped by AV before, so you gotta expect those off-the-shelf solutions will eventually get signatured and that's when your own solution will really come in handy. I'm fairly certain that some metasploit payloads can work with other listeners.
@@liorshalom4 I'm glad to hear that you got it figured out. For others that may be having issues, would you be willing to share what the issue was and how you fixed it?
nice concept but i wished i could have done mine as perfect as you have done yours. unfortunately i have got this error even though i have to imitate your same pattern. how can i fix this error. TypeError: "a byte-like object is required not str" please i will be grateful for your answer
Hey Tonye, thanks for watching! I hate to hear that you're having trouble with your script, but hopefully I can help you solve the issue. It sounds like one of your objects is of the type "string", but the system is looking for an object that is of the type "bytes". (I ran into this same issue when creating my script) So what you have to do is either... Make sure to define the type of object you want when you create an object like a variable. Example of a "string" type object: var1 = "foobar" Example of a "bytes" type object: var1 = b'foobar' Or you can convert your "string" object to a "bytes" object. Example of converting a "string" to a "bytes" object: Create a "string" object as a variable called "var1"... var1 = "foobar" Verify that it is a "string" with "type()" type(var1) Convert your "string" to "bytes" object and save it in a new variable called "var2"... var2 = bytes(var1, "UTF8") Verify that "var2" is a "bytes" object... type(var2) If you copied my script, then I would just recheck to make sure you didn't miss something small that could be causing your issue, or just quickly convert your "string" object to "bytes" and hopefully that clears everything up for you. I pray this helps you work it out. Cheers!
@daniellowrie Hello Daniel. It's quite amazing how everything work fine as you outlined for me on my previous question. except when compiling the xor script to an exe with pyinstaller, it becomes an un-ending errors of different sources that has broken my heart for a couple of days now. So, I thought to stop by and consult your authorization if you can help me out again. Thanks for your help in advance. How do I make the already "xor script" an exe without errors with pyinstaller or it's alternative?
My friend, this is why I've started learning other programming languages. Compiling Python to EXEs can be a nightmare and is the main reason I've started looking into "compiled" languages. Python is a "scripting" language that can be compiled with the right "magic spell", but that's not what it's meant to do. Whereas Rust, C/C++/C#, Golang, Nim, etc, they are compiled languages by nature and therefore are much better suited for generating EXEs. That said, be on the lookout later today for my latest video which is building a buffer overflow exploit using Golang. If you like Python (which you should and I still do), then I think you'd like Golang as well and may be more useful to you when you want to make an EXE.
Thanks for watching, Fantasia! There is a pypi project called "python-for-android" and it looks like it just may be the lunatic you're looking for. (Great! Now I've got that song in my head😆) pypi.org/project/python-for-android/