exe2hexbat is a Python script used to convert Windows PE executable files into batch files and vice versa.
Overview
exe2hex encodes an executable binary file into ASCII text format. The result is then transferred to the target computer (echoing an ASCII file is much easier than echoing binary data). When exe2hex's output file is executed there, the original program is restored using DEBUG.exe or PowerShell (preinstalled on Windows by default). Files can be transferred to the target computer automatically using the built-in Telnet or WinEXE options in exe2hex.
Binary EXE -> ASCII Text -> *Transfer* -> Binary EXE
Quick start
Input: use a file or STDIN (-x /path/to/binary-program.exe, -s)
Output: BATch and/or PoSh (-b file.bat, -p powershell.cmd)
Usage Example
Create BATch and PowerShell files. Here I casually wrote an exe program:
exe2hex -x chaos.exe
As you can see, exe2hex converts the exe file into cmd and bat files.
Compress the file:
exe2hex -x chaos.exe -b nc.txt -cc
[*] exe2hex v1.5.1
[i] Attempting to clone and compress
[i] Creating temporary file /tmp/tmp509bq1bl
[+] Compression (strip) was successful! (0.0% saved)
upx: /tmp/tmp509bq1bl: NotCompressibleException
[+] Compression (UPX) was successful! (0.0% saved)
[+] Successfully written (BATch) /root/Desktop/nc.txt
Help
-h, --help  # Show help information and exit
-x EXE      # EXE binary file to convert
-s          # Read from STDIN
-b BAT      # BAT output file (DEBUG.exe method - x86)
-p POSH     # PoSh output file (PowerShell method - x86/x64)
-e          # URL encode the output
-r TEXT     # pRefix - text added before each command line
-f TEXT     # suFfix - text added after each command line
-l INT      # Maximum hexadecimal values per row
-c          # Clone and compress the file before conversion (use -cc for higher compression)
-t          # Create an Expect file to automate a Telnet session
-w          # Create an Expect file to automate a WinEXE session
-v          # Enable verbose mode
Main uses:
Converts binary programs to ASCII hexadecimal files, which can be restored using programs built into the operating system.
Works on older and newer versions of Windows without pre-installing any third-party programs.
Supports x86 and x64 operating systems.
Can use DEBUG.exe or PowerShell to restore files.
Can compress files before conversion.
Can URL encode the output.
Option to add prefix and suffix text to each line.
Can set the maximum hexadecimal length of each row.
Accepts a binary file or piped standard input (STDIN).
Transfers can be automated via Telnet and/or WinEXE.
Telnet login
exe2hex.py -x chaos.exe -b chaos.bat -t
At this point, a /chao-bat-telnet file is generated for the remote connection.
The format is as follows: /klogger-bat-telnet ip username password
./chao-bat-telnet 192.168.123.1 admin admin
Welcome to Microsoft Telnet Service
login: winxp
password:
*======================================================================================
Welcome to Microsoft Telnet Server.
*======================================================================================
C:\Documents and Settings\winxp>cd %TEMP%
C:\DOCUME~1\winxp\LOCALS~1\Temp>echo 418671.0>klogger.bat
418671.0E~1\winxp\LOCALS~1\Temp>type klogger.bat
C:\DOCUME~1\winxp\LOCALS~1\Temp>
Postscript
exe2hex writes commonly used programs or scripts into text-based files such as txt, cmd and bat. Some machines sit behind a WAF that restricts uploading or downloading exe files, and exe2hex is a method proposed to bypass that kind of defense mechanism: the program is transformed into an encoded form, then rebuilt into an exe on the target and executed.
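A filter that only looks at the file extension misses this, so content inspection has to decode the hex before judging a text file. The following is an added example, not part of exe2hex or the original post: it scans a script for hex-encoded bytes and checks whether they form a PE header. The function names are hypothetical, and the `echo <hex>>>x.hex` line layout of the sample is an assumption, since the page does not show the generated file.

```python
import re
import struct
from urllib.parse import unquote

MIN_BYTES = 8  # ignore short hex-looking tokens such as addresses or colours
HEX_RUN = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2} ?){%d,}(?![0-9A-Fa-f])" % MIN_BYTES)

def decode_hex_lines(text):
    """Join the longest hex-byte run on each line into one byte string.

    Searching inside the line (not anchoring) tolerates per-line prefix/suffix
    text; unquote() undoes URL encoding of the whole script first.
    """
    out = bytearray()
    for line in unquote(text).splitlines():
        runs = [m.group(0).replace(" ", "") for m in HEX_RUN.finditer(line)]
        if runs:
            out += bytes.fromhex(max(runs, key=len))
    return bytes(out)

def looks_like_pe(data):
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_script(text):
    """Report how many bytes a text script carries as hex and if they form a PE."""
    data = decode_hex_lines(text)
    return {"decoded_bytes": len(data), "pe_payload": looks_like_pe(data)}

def constructed_sample(spaced=True, prefix="", suffix=""):
    """Constructed input: an 80-byte header-only stub (not a runnable program),
    written as assumed 'echo <hex>>>x.hex' lines, 16 bytes per row."""
    stub = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0").ljust(80, b"\0")
    sep = " " if spaced else ""
    rows = [stub[i:i + 16] for i in range(0, len(stub), 16)]
    return "\n".join(
        prefix + "echo " + sep.join("%02x" % b for b in row) + ">>x.hex" + suffix
        for row in rows)

if __name__ == "__main__":
    print(scan_script(constructed_sample()))
    print(scan_script("echo Backup finished\ncopy a.txt b.txt"))
```

The same check applies to upload filters, mail gateways and command-line logging pipelines, where a large `decoded_bytes` count in a .bat, .cmd or .txt file is worth a look even when the PE test fails.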