-
Notifications
You must be signed in to change notification settings - Fork 126
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
39 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,47 @@ | ||
| # NXcrypt | ||
|
|
||
| NXcrypt is a python backdoors , payloads crypter written in python by Hadi Tux (had3s) . | ||
| the output backdoors are fully undetectable . | ||
| NXcrypt is a polymorphic 'python backdoors' crypter written in python by Hadi Mene (h4d3s) . | ||
| The output is fully undetectable . | ||
|
|
||
| NXcrypt is a anti-virus evasion tool . | ||
|
|
||
| - NXcrypt can not encrypt file 2 time | ||
| - In linux distros , run it as root | ||
| - NXcrypt encrypted outputs are 99% FUD | ||
| - In Linux , run it as root | ||
| - NXcrypt encrypted output is 99% FUD | ||
|
|
||
| # Usage : | ||
|
|
||
| - sudo ./nxcrypt.py --file=backdoor.py --output=output_backdoor.py # encrypt backdoor.py and output file is output_backdoor.py | ||
| - sudo ./nxcrypt.py --file=backdoor.py # encrypt backdoor.py and default output file is backdoor.py but you can edit it in source code | ||
| -sudo ./nxcrypt.py --help # nxcrypt help | ||
| - sudo ./NXcrypt.py --file=backdoor.py --output=output_backdoor.py # encrypt backdoor.py and output file is output_backdoor.py | ||
| - sudo ./NXcrypt.py --file=shell.py # encrypt shell.py and default output file is backdoor.py but you can edit it in source code | ||
| -sudo ./NXcrypt.py --help # NXcrypt help | ||
|
|
||
| # How it work ? | ||
|
|
||
| -NXcrypt add some junkcode . | ||
| -NXcrypt use a python internal module 'py_compile' who compile the code into bytecode to a .pyc file . | ||
| -NXcrypt convert .pyc file into normal .py file . | ||
| -And with this way we can obfuscate the code | ||
| -The md5sum will change too | ||
|
|
||
|
|
||
| # Test with Virustotal | ||
|
|
||
| Before : | ||
|
|
||
| SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163 | ||
| File name: facebook.py | ||
| Detection ratio: 2 / 54 | ||
|
|
||
| After : | ||
|
|
||
| SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add | ||
| File name: facebook_encrypted.py | ||
| Detection ratio: 0 / 55 | ||
|
|
||
|
|
||
| # Credits | ||
|
|
||
| All Credits go to Suspicious Shell Activity team | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|