
Antivirus Sandbox Evasion (part3) – The Tool


Ok, here we are..

Thank you for your patience. It is time to release the version 0.1 of the “tool“.. ;-)

The archive is composed of:

  • An EXE template (ultimate-payload-template1.exe) which manages the sandbox evasion.
  • A Perl script (ultimate-payload.pl) which reads a shellcode in binary format from STDIN, encodes it, and builds a new EXE file based on the template.
  • The source code of the encoder (in assembly) and the template (Visual Studio 2008).

The (stupid) sandbox evasion technique used in the EXE template is explained in part 2 of this story, and the output of the tool is shown in part 1.

I do not expect it to bypass all AVs forever. I guess new signatures of the template will appear shortly. But don’t worry, all you have to do is to modify the source code of the template, and recompile it. In case of new sandbox problems, just use your imagination ;-)

Note: this technique doesn’t work anymore against MS Essential Security. For this reason, I wrote a new version (0.2) with a new technique, but this one will not be published.. (yet). However, a little bird told me that using a stupid junk loop in v0.1 would do the trick against Essential Security ;-)

Download the tool: ultimate-payload-v0.1.tar.gz and read the HOWTO.txt file.

As usual, be nice. Ask the permission of the owner before infecting a computer…

Enjoy ;-)

Foip


© 2012, foip. All rights reserved.

