Skip to content

Latest commit

 

History

History
58 lines (45 loc) · 5.19 KB

README.md

File metadata and controls

58 lines (45 loc) · 5.19 KB

Zouzounim

Playing around with Offensive Nim. I am just trying to play with nim and understand about WIN32 APIs. Sorry for the horrible code. PR are welcome !

Features:

DISCLAIMER. All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.

Usage

Installation: On Windows, execute the Nim installer from here. Make sure to install mingw and set the path values correctly using the provided finish.exe utility. If you don't have Python3 install that, then install the required packages as follows.

~$ nimble install winim nimcrypto
~$ pip3 install pycryptodome argparse
~$ git clone --recurse-submodules https://github.com/Zeckers/ZouzouNim.git && cd ZouzouNim

Example:

~$ msfvenom -a x64 --platform windows -p windows/exec cmd=calc.exe -f c -o shellcode.bin
~$ python.exe .\ZouzouNim.py shellcode.bin -o Basic_injector -r -p notepad.exe --debug
~$ Open notepad.exe 
~$ .\Basic_injector.exe

Help:

usage: ZouzouNim.py [-h] [-p PROCESS] [-o OUTPUT] [-r] [--debug] shellcode_bin

positional arguments:
  shellcode_bin         path to the raw shellcode file

optional arguments:
  -h, --help            show this help message and exit
  -p PROCESS, --process PROCESS
                        process to inject (default "C:\Windows\explorer.exe")
  -o OUTPUT, --output OUTPUT
                        output filename
  -r, --rdmsyscalls     use NimlineWhispers2 to randomize direct syscalls and generate syscalls.nim
  --debug               do not strip debug messages from Nim binary

ToDo

  • Adding fresh copy of ntdll (maybe shellycoat integration)
  • Disable ETW
  • Sleep time
  • Bypass AV/EDRs

Thanks to Cas Van Cooten (@chvancooten) for the help,@ajpc500 for the blog post and NimlineWhispers2 and @byt3bl33d3r for the amazing Offensive Nim repos