I felt inspired yesterday evening and worked late into the night last night as well as all day today to bring this to a functional level. This is my first endeavor into payload creation AND my first Python project so I am learning a hell of a lot along the way. Here is the gist of the functionality at this point:

– Tests for open outbound ports upon execution.
– builds and executes powershell payloads on the fly using the results of the port testing.
– Custom written so it should avoid easily avoid AV. It has so far with Kaspersky during testing.
– Powershell payloads generated on the fly.

This utilizes @Mattifestation’s Invoke-Shellcode in order to build and execute reverse HTTPS Meterpreter sessions based on port availability. Right now it is being compiled with Pyinstaller. I am looking into using PWNstaller.

Walk-through:

Block a couple of outbound ports. Right now the scripts loops through 443, 53, 9443, and 80 in that order :

1. Payload is executed and loops through an array of ports until it finds one that is open.

NOTE: This window is strictly for debugging

2. Starts notepad.exe process

3. Uses the Invoke-Shellcode command to build shellcode based on that open port and injects it into the notepad.exe process. Port 9443 was found to be open and as a result a session comes in on that port.

The payload is quite large, about 3.4Mb, so I am going to port it to C in the future to help cut down on the size. I have tested this at a couple of clients and it flies right by antivirus and establishes a success connection. In that respect I consider this a success.