View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003114||Kali Linux||[All Projects] New Tool Requests||public||2016-03-03 10:24||2020-03-30 14:39|
|Target Version||Fixed in Version|
|Summary||0003114: exe2powershell - exe2bat reborn for modern Windows|
|Description||exe2powershell - exe2bat reborn for modern Windows|
exe2powershell converts a binary into a bat file, without size limitation (64kB) and with compatibility to modern Windows (7 x64, 8, 8.1, 10, 2008, 2008R2, 2012).
The *.bat produced by exe2powershell contains several "echo" lines (< 128 chars) of the decimal code of the initial binary, and finally invokes a powershell command line to regenerate the payload.exe on the remote server through command line.
- exe2bat compatibility : input file less than 64kB (<= Windows 7 x86)
- exe2powershell compatibility : input file without size limitation, Windows with powershell (>= Windows 7)
exe2powershell on github with source-code, sample and binaries :
|Steps To Reproduce||C:\exe2powershell\bin>exe2powershell.exe|
______ ___ _____ _____ _ _ _
| ____| |__ \| __ \ / ____| | | | |
| |__ __ _____ ) | |__) |____ _____ _ _| (___ | |__ ___| | |
| __| \ \/ / _ \ / /| ___/ _ \ \ /\ / / _ \ '__\___ \| '_ \ / _ \ | |
| |____ > < __// /_| | | (_) \ V V / __/ | ____) | | | | __/ | |
|______/_/\_\___|____|_| \___/ \_/\_/ \___|_| |_____/|_| |_|\___|_|_|
[ exe2bat reborn in exe2powershell for modern Windows ]
[ initial author ninar1, based on riftor work, and modernized by ycam ]
[ exe2powershell version 1.0 - keep up to date : www.asafety.fr ]
[*] Usage : exe2powershell.exe inputfile outputfile
[*] e.g. : exe2powershell.exe nc.exe nc.bat
|Additional Information||Kali integrates many Windows binaries used during pentest on Windows Server.|
These tools are located in /usr/share/windows-binaries/
Kali provides "wine" by default to run these tools directly.
One of these tools, the oldschool "exe2bat.exe" is present here : /usr/share/windows-binaries/exe2bat.exe
Through this old tool, a pentester can convert a payload.exe or another utility (ftp.exe, tftp.exe, nc.exe, etc.) into a *.bat file.
The produced *.bat file contains several "echo" lines with hexadecimal code of the initial binary.
Finally, the *.bat file invokes the "debug.exe" binary located in %systemroot%\System32\debug.exe by default in old Windows to regenerate the initial "payload.exe".
Through this tool "exe2bat", a pentester can "upload" a payload.exe only with the use of "echo" and "debug" command in a shell.
But "exe2bat" has limitations :
- This tool uses "debug.exe", which is deprecated and not present in Windows since Windows 7 x64 (usable in Windows 7 x86). So Windows 8, 8.1, 2008, 2008R2, 2012 or 10 don't have this binary...
- "debug.exe" is an old-retro-compatibility tool kept in Windows (16bits-application)
- exe2bat can convert "*.exe" to "*.bat" file only if the initial file is less than 64kB
Compared to these limitations of "exe2bat", I've created "exe2powershell", the reborn of "exe2bat".
exe2powershell converts a binary into a bat, without size limitation (64kB) and with compatibility to modern Windows (7 x64, 8, 8.1, 10, 2008, 2008R2, 2012).
The *.bat produced by exe2powershell contains several "echo" lines of the decimal code of the initial binary, and finally invokes a powershell command line to regenerate the payload.exe.
I think this tool can be useful to pentesters who used to use exe2bat, so I suggest you include it among the other Windows binaries in /usr/share/windows-binaries/.
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):
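For defenders, the staging pattern this ticket describes (a run of short "echo" lines carrying decimal byte values, followed by a PowerShell call) can be flagged in collected batch scripts. The following is an added example, not part of the ticket or of exe2powershell; the exact echo/redirect line shape, the function names, the thresholds and both samples are assumptions constructed here.

```python
import re

# Assumed line shape: "echo <decimal bytes> >> <file>". The ticket only states that
# the lines are "echo" lines under 128 characters carrying decimal codes.
ECHO_RE = re.compile(r'\s*@?echo\s+([^>]*)', re.I)
POWERSHELL_RE = re.compile(r'\bpowershell(\.exe)?\b', re.I)

def decimal_bytes(line):
    """Return the byte values an echo line carries, or [] if it is not such a line."""
    m = ECHO_RE.match(line)
    if not m or len(line) >= 128:
        return []
    tokens = [t for t in re.split(r'[,\s]+', m.group(1)) if t]
    if tokens and all(t.isdigit() and len(t) <= 3 and int(t) <= 255 for t in tokens):
        return [int(t) for t in tokens]
    return []

def scan_script(text, min_lines=3, min_bytes=16):
    """Flag a PowerShell call that follows enough decimal-byte echo lines."""
    findings, data, echo_lines = [], [], 0
    for number, line in enumerate(text.splitlines(), 1):
        values = decimal_bytes(line)
        if values:
            data.extend(values)
            echo_lines += 1
        elif POWERSHELL_RE.search(line):
            if echo_lines >= min_lines and len(data) >= min_bytes:
                findings.append({
                    "powershell_line": number,
                    "echo_lines": echo_lines,
                    "byte_count": len(data),
                    # 77, 90 is "MZ", the first two bytes of a Windows executable
                    "pe_header": data[:2] == [77, 90],
                })
            data, echo_lines = [], 0  # start counting again after each call
    return findings

# Constructed samples; the decode command is deliberately left out.
SAMPLE_STAGED = """@echo off
echo 77,90,144,0,3,0,0,0,4,0,0,0,255,255,0,0 >> stage.txt
echo 184,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0 >> stage.txt
echo 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 >> stage.txt
powershell -Command "<decode step elided>"
"""
SAMPLE_BENIGN = '@echo off\necho Build 42 finished\necho 1 2 3\npowershell -Command "Get-Date"\n'

if __name__ == "__main__":
    for name, sample in (("staged", SAMPLE_STAGED), ("benign", SAMPLE_BENIGN)):
        print(name, scan_script(sample))
```

The thresholds are starting points to tune against the batch files that normally appear in your environment.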
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?
- [Name] - exe2powershell
- [Version] - 1.0 (https://github.com/yanncam/exe2powershell)
- [Homepage] - https://www.asafety.fr/projects/exe2powershell/
- [Download] - https://github.com/yanncam/exe2powershell (source & binary version)
- [Author] - Yann CAM
- [Licence] - GNU
- [Description] - exe2powershell is used to convert any binary file (*.exe) to a BAT file. The resulting BAT file contains only "echo" command and finally a powershell command to re-create the original binary file.
- [Dependencies] - Nothing, standalone binary (exe2powershell.exe)
- [Similar tools] - exe2bat (already present in Kali but not-compatible with newer Windows versions)
- [How to install] - Source code is here : https://github.com/yanncam/exe2powershell/blob/master/src/exe2powershell/exe2powershell.cpp, compiled via Code::Blocks without any additional libraries linked nor dependencies.
- [How to use] - exe2powershell.exe nc.exe nc.bat
Tool hasn't had an update for a while.
Other than post exploitation, why would a binary exe be used?
|2016-03-03 10:24||ycam||New Issue|
|2018-01-29 14:54||g0tmi1k||Note Added: 0008390|
|2018-02-21 09:35||g0tmi1k||Product Version||2016.1 =>|
|2018-02-24 11:32||ycam||Note Added: 0008804|
|2020-03-30 14:39||g0tmi1k||Note Added: 0012568|
|2020-03-30 14:39||g0tmi1k||Status||new => closed|
|2020-03-30 14:39||g0tmi1k||Resolution||open => won't fix|