Windows - Batch Obfuscated Stager
- Published: 2 Nov 2020
- To help support me, check out Kite! Kite is a coding assistant that helps you faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) Hang with our community on Discord! johnhammond.org/discord
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond
I hate when my system knows that I'm about to run calculator... Thanks John
RUclips recommend this more! This is so good content! Make this handsome man have the BEST Channel please!
amen
I'm pumped for this! I love new John Hammond videos!
I discovered you a few weeks ago from another person and HAVE to agree you are just awesome man. I love your videos keep em coming Imma learn everything I can
hey john ...... do u think we get uncomfortable when u get an error?...... please no...we wanna see the errors and honestly, you are the only youtuber i know who shows the errors and solves that in front of us... and i think that's awesome..... anyway , nice video
I wouldn't say "the only" 'cause there are others, but I would definitely say "one of the few". 'Cause most people seem to be embarrassed by their own failures.
love your work John, please keep it up and never stop
Commenting for youtube's algorithm thing xD
It’s working
You sure?
Working, can confirm
Yeah working
Just clicking around on security websites and found this. Super interesting. I want more. Subscribed.
you mean security forums?
Best video ever! Much appreciated you do a great job explaining 🧡
Awesome work. This taught me so much . Thank you.
Keep up the great work John!
Wait until he discovers he can re-assign variables that are already used to mess with the brains of whoever is trying to decode it...
triple layer recursion with intertwining variables...
That is going to be fun...
now i really want to make a obvusbat generator that does that...
It was fun to listen for the first minutes, program the entire thing in python on my own and then see what you've come up with ^^'
Love your work
Keep up the good work man!
Loved this video! Commenting so I get more of this :) Thanks!
I really thought of this once but never got time to make it work.
Am really happy that you turned that concept to real thing
Fucking amazing man… you just gave me great ideas on how to obfuscate my batch file. You are fucking underrated you need more subs man.
He was an obfusk8r boi, he said see ya later boi.
Deserves much more views
I love this video!
Great explanation!
That was really quite fun to watch lmao
Nice Work!
You can show the idea of the code and steps in Microsoft OneNote because some people prefer that way to understand. Just a little to make the video more awesome :'D
LOVE YOU MORE! :-D
as you might notice... the last line in your output always claims about the "|". You cannot set pipe to a variable this way ;)
Oh nice. What a perfect time to take lunch.
@John Hammond Awesome work man! I'm a Sec / Infrastructure engineer based in Perth Australia and your videos have always been entertaining / informative. Will you make this python code available on GIT? i'd love to mess with it more and see what additions i could come up with - cheers man Greetings from Perth
The best 💕
I watch these videos like a dog trying to understand physics in hopes that one day I'll be able to understand this shit. 😭
this is how my unobfuscated code looks
yeah, except my code also just returns syntax errors
I'm still trying to just get my text editor to scroll the code I'm writing to the middle of the screen. Getting really tired of wiggling code right at the bottom of the monitor. If I don't figure it out soon I might have to activate window because it's a really pain in the ass trying to read text over top the activate windows water mark 😋
@@mr.picklesworth imagine needing to pay for an operating system.
use linux
Thats the funny part. I am running linux mint on a vm and use it most of the time. I would only use Linux but then I can't play certain games with my kid. Sadly there are still a few things that can only be done on windows otherwise I would only run Linux.
Dualboot your bootloader
Exactly how it is when you're experimenting.. “Did it execute?! Yes!!!!”
Can you do a video on what you would recommend to someone just starting out in cybersecurity to help them learn? Or a video on what resources you used to get to your level of knowledge?
I was definitely not as excited as you about that LOL. I love your excitement tho you should be an actor 😂
oh and please call it cmd not batch. just like we call it bash because /bin/bash. batch is a cmd script. also set is a command 😂
awesome!!!!!!!!!!!!!!!!!!!!!!
👍 nice!!!
I kind of love how evil it is to use modular arithmetic (%) with all the other %'s floating around
Interesting concept, but i think you should take it a bit further. Im considering doing it my self in java. I think, it‘s more effective by doing it on a character base, even for the set.
5:38 Someone's a little too used to Linux...
If you want to include all characters, use quotes: set "idofjwkodif=%=exitcodeAscii%". No need to add bad_chars.
Python string (in create_variable): return f"{set_operator}%%{space_character}%\"{varname}%{equals_character}%{value}\""
stupid algorithm you deserve more viewers
Every programmer: OK, so then you just run it... oh something broke
I've instantly found that mistake: hat character (^) is used as escape character in windows. Like backslash on *nix. Windows is weird.
well this is nice to encrypt stuff
it's not encryption, it's easily reversible. it's just obfuscation
I think it’s the pipe character.
Neat
What should I know or study to understand this?
The title of this video should be: "Set title='Windows - Batch Obfuscated Stager'" | obfsucator.py
naisu
did anybody else feel upset about not using the %windir% env?
Hello Algorithm! 👋 please put this in more people's suggestions!
I have a dumb question! How did you manage to call your sublime-text text editor from the place where you were?? I would have to be in the folder where my subl.exe is located to actually call it.
He probably added it to the path environment variable.
stuff we have to get back to in our life? ....nope lol
can you upload this obfuscator???
Isn't this concept used by Metasploit Powershell payloads or am I mistaken?
can't you escape the special characters with either a backslash or as a single character ('|') or in a string "|"
Yep, there is command prompt & batch script escape characters
ALGORITHM STUFFS x'D
Which programming languages should learn before using linux, C++, Python, java or JavaScript? 🤔
Bash cli should be the starting point imo
Thank you
All
Bash and c++
if you wanna use more complicated distros/WMs, learn a bit of C
if you wanna learn simple distros/DEs, you don't need to learn anything but most of them use JavaScript to customize things and make widgets.
first learn bash
my mind === nuclear explosion
Download link?
Pretty sure the problem was the fact you didn't check whether a random was already set...
Well somebody could just use find and replace those weird strings with the ones you provide with all those initial set. But funny video indeed.
Right, or someone could just add an `echo` to the beginning of the line that actually executes whatever "payload". To a human analyst, this is easy. To a machine and automated AV or EDR, maaaaaybe it wouldn't pick up on this. That's the basic idea. Thanks for watching!
Lol, batch has separate logic for the command prompt & a bat/file execution.
The joy of working with windows.
@@monkey5266 yep, but i respect and love it myself
Where is the source code for this?
Algorithms
37:05 the numbers were majorly different, not just by one, but 100000, you printed a 3 instead of a 2 in the 100K place
Yeah, I noticed that mishap during the premiere. Bummed I didn't see it while recording the video -- maybe we could amp the number up and make it even higher. Add some more "noise" :P
@@_JohnHammondYeah man that'd be great!
DUDE
ITS THE PIPE CHARACTER
THE BAD COMMAND THING IS A RACE CONDITION
Hi John, please put this code on your GitHub.
u r legion
what
@@slonkazoid out of ur reach
@@torsec6048 checked your profile
No, I have taken actual cyber security training and use GNU+Linux as my daily driver.
Kind of slow to just start calculator :D
Sir please make a video on how to download old gnome in Kali Linux 2020
sir you are not supposed to use kali as a daily driver, it's insecure af
Hahahaha Kali switch to Arch power and install black arch tools from their wiki
@@nikolas8741 oh god that is even edgier
as an arch user btw i disapprove of this message
@@slonkazoid what do you know that I don't is Arch secure? I am kinda novice should I use Arch for my every day driver?
@@nikolas8741 I use arch as a playground for extreme things like compiling custom kernels and non-extreme things such as ricing dwm
So yes, it is good as a daily driver if you wanna explore deeper
Create some course for us john
brain melting heheheheheheheheh
How to bypass obfuscation completely:
Prepend '@echo on'
Open in CMD
See the commands
You realize that the batch files can disable & enable echo basically on demand.
Aka meaning that a clever use of the batch file can hide the commands & a batch file done right is stupidly fast and cls can be used frequently enough to make even 200hz captures (aka 200+fps) be unable to even do a frame of it.
Sir i like hacking how can i start to learn hacking
learn python 1st there are lots of free courses online then go from there
15:52
what the wut ????
So basically we’re gonna teach people how to write better malware
Does anybody actually register Sublime Text? lmfao
8ii8
1st 🙄