Merge pull request Pennyw0rth#541 from termanix/update-exe-nxc-data

NeffIsBack · web-flow · commit 9e1643610c39 · 2025-02-03T00:45:14.000+01:00
Updated exe files while putting for evasion
diff --git a/nxc/modules/handlekatz.py b/nxc/modules/handlekatz.py
@@ -5,7 +5,7 @@
 import base64
 import re
 import sys
-
+from datetime import datetime
 from nxc.helpers.bloodhound import add_user_bh
 from pypykatz.pypykatz import pypykatz
 
@@ -34,6 +34,8 @@ def options(self, context, module_options):
         self.handlekatz_path = "/tmp/"
         self.dir_result = self.handlekatz_path
         self.useembeded = True
+        # Add some random binary data to defeat AVs which check the file hash
+        self.handlekatz_embeded += datetime.now().strftime("%Y%m%d%H%M%S").encode()
 
         if "HANDLEKATZ_PATH" in module_options:
             self.handlekatz_path = module_options["HANDLEKATZ_PATH"]
diff --git a/nxc/modules/impersonate.py b/nxc/modules/impersonate.py
@@ -6,7 +6,7 @@
 from base64 import b64decode
 from os import path
 import sys
-
+from datetime import datetime
 from nxc.paths import DATA_PATH
 
 
@@ -29,8 +29,13 @@ def options(self, context, module_options):
         self.impersonate = "Impersonate.exe"
         self.useembeded = True
         self.token = self.cmd = ""
+
         with open(path.join(DATA_PATH, ("impersonate_module/impersonate.bs64"))) as impersonate_file:
             self.impersonate_embedded = b64decode(impersonate_file.read())
+
+        # Add some random binary data to defeat AVs which check the file hash
+        self.impersonate_embedded += datetime.now().strftime("%Y%m%d%H%M%S").encode()
+
         if "EXEC" in module_options:
             self.cmd = module_options["EXEC"]
 
diff --git a/nxc/modules/nanodump.py b/nxc/modules/nanodump.py
@@ -51,6 +51,10 @@ def options(self, context, module_options):
         self.nano = "nano.exe"
         self.nano_path = ""
         self.useembeded = True
+        # Add some random binary data to defeat AVs which check the file hash
+        padding = datetime.now().strftime("%Y%m%d%H%M%S").encode()
+        self.nano_embedded64 += padding
+        self.nano_embedded32 += padding
 
         if "NANO_PATH" in module_options:
             self.nano_path = module_options["NANO_PATH"]
diff --git a/nxc/modules/pi.py b/nxc/modules/pi.py
@@ -1,7 +1,7 @@
 from base64 import b64decode
 from sys import exit
 from os.path import abspath, join, isfile
-
+from datetime import datetime
 from nxc.paths import DATA_PATH, TMP_PATH
 
 
@@ -25,9 +25,13 @@ def options(self, context, module_options):
         self.pi = "pi.exe"
         self.useembeded = True
         self.pid = self.cmd = ""
+        
         with open(join(DATA_PATH, ("pi_module/pi.bs64"))) as pi_file:
             self.pi_embedded = b64decode(pi_file.read())
 
+        # Add some random binary data to defeat AVs which check the file hash
+        self.pi_embedded += datetime.now().strftime("%Y%m%d%H%M%S").encode()
+        
         if "EXEC" in module_options:
             self.cmd = module_options["EXEC"]
 
diff --git a/nxc/modules/procdump.py b/nxc/modules/procdump.py
@@ -8,6 +8,7 @@
 from nxc.helpers.bloodhound import add_user_bh
 from nxc.paths import TMP_PATH
 from os.path import abspath, join
+from datetime import datetime
 
 
 class NXCModule:
@@ -34,6 +35,8 @@ def options(self, context, module_options):
         self.procdump_path = abspath(TMP_PATH)
         self.dir_result = self.procdump_path
         self.useembeded = True
+        # Add some random binary data to defeat AVs which check the file hash
+        self.procdump_embeded += datetime.now().strftime("%Y%m%d%H%M%S").encode()
 
         if "PROCDUMP_PATH" in module_options:
             self.procdump_path = module_options["PROCDUMP_PATH"]
