
The output exe does nothing

Open hillelpinto opened this issue 9 months ago • 3 comments

Hi, I made simple cpp code that makes a zip and sends it over the internet, so that it can indeed be flagged by AV. When using the tool with the following command

python3 Boaz.py -f ../Hardly.exe -o ./chrome.exe -t donut -l 1 -c pluto -e uuid

the output seems to announce that everything worked

End of search list.
"/home/hpinto/Boaz_beta/./llvm_obfuscator_pluto/bin/ld.lld" -m i386pep -Bdynamic -o ./chrome.exe /usr/x86_64-w64-mingw32/lib/crt2.o /usr/x86_64-w64-mingw32/lib/crtbegin.o -L/usr/lib/gcc/x86_64-w64-mingw32/13-win32 -L./clang_test_include -L/usr/x86_64-w64-mingw32/lib -L/usr/lib -L/usr/x86_64-w64-mingw32/sys-root/mingw/lib -mllvm -passes=hlw,idc /tmp/loader1_modified-816427.o /tmp/uuid_converter-6bef9c.o -lole32 assembly.o -luuid -Bstatic -lstdc++ -Bdynamic -lmingw32 -lgcc -lgcc_eh -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 -lgcc -lgcc_eh -lmoldname -lmingwex -lmsvcrt -lkernel32 /usr/x86_64-w64-mingw32/lib/crtend.o
[+] Congratulations! The packed binary has been successfully generated: ./chrome.exe
[-] No entropy reduction applied.

Stripping the binary to reduce its size and potentially increase its stealth.
Path is ./chrome.exe
[+] Final output file hash: 4903b4b87084437f21b5273519f0fdf9

but when running the output chrome.exe, nothing is happening.

Am I missing something?

hillelpinto, Feb 27 '25 17:02

Hi, Loader-1 has been tested with compiled Notepad and message box code, Mimikatz, and various Meterpreter shells from Metasploit, all working perfectly. Could you send me the source code or binary of Hardly.exe so I can give it a try? If the original binary works, Boaz should execute it without any problem.

thomasxm, Mar 17 '25 10:03

I'm having the same issue: the generated output isn't working. I tried creating a simple program in C that creates a folder called "works!", and I was able to execute the generated output and get the expected behaviour on my target machine. But when I tried to generate an obfuscated Meterpreter, the output just does nothing. I don't know if I must use a specific option or something like that, but in some cases the output doesn't work (the original Meterpreter payload works fine). I used the following arguments:

python3 Boaz.py -f payload.exe -o payload_ofs.exe -t donut -l 1 -c mingw -e uuid -obf -sgn -entropy 1 -a

I have also tried with simple arguments like python3 Boaz.py -f payload.exe -o payload_ofs.exe, but that didn't work either. I'm using a Windows environment without Windows Defender or other kinds of AV for testing.

Could you help me? Am I missing something?

@thomasxm @hillelpinto

PS: I have also tried with a payload from Sliver C2 and the output didn't do anything.

half144, May 12 '25 00:05

Use: "python3 Boaz.py -f payload.exe -o payload_ofs.exe -t donut -l 1 -c mingw -e uuid -obf -entropy 1 -a" without "-sgn". The issue lies with the '-sgn' argument; too many encoding steps are causing the problem. I will update the SGN encoding command to resolve this.

thomasxm, May 17 '25 13:05