klezVirus edited this page Sep 21, 2021 · 3 revisions

Inceptor

Inceptor is a template-based PE packer for Windows, designed to help penetration testers and red teamers to bypass common AV and EDR solutions. Inceptor has been designed with a focus on usability, and to allow extensive user customisation.

Resources

Installing

See Installation.

Installation Troubleshooting

1. Module not found error: Chameleon

This is a recurring bug, even though it should have been fixed long ago. The issue is caused by the chameleon submodules being incorrectly referenced using the SSH link (git@github.com:klezVirus/inceptor.git) instead of the HTTPS link. The issue results in the following error message:

Traceback (most recent call last):
  File "C:\Users\Administrator\Desktop\inceptor\inceptor\inceptor.py", line 12, in <module>
    from generators.PowerShellArtifactGenerator import PowerShellArtifactGenerator
  File "C:\Users\Administrator\Desktop\inceptor\inceptor\generators\PowerShellArtifactGenerator.py", line 9, in <module>
    from obfuscators.powershell.Karmaleon import Karmaleon
  File "C:\Users\Administrator\Desktop\inceptor\inceptor\obfuscators\powershell\Karmaleon.py", line 6, in <module>
    from obfuscators.powershell.chameleon.chameleon import Chameleon
ModuleNotFoundError: No module named 'obfuscators.powershell.chameleon.chameleon'

The following workaround can be used to solve the issue:

:: [Optional] Clone without submodules
git clone https://github.com/klezVirus/inceptor
:: Navigate to the PowerShell obfuscators directory
cd inceptor\inceptor\obfuscators\powershell
:: Clone chameleon from the official repository
git clone https://github.com/klezVirus/chameleon
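
A check for the cause described above, as an added example that is not part of Inceptor or its wiki: it scans `.gitmodules` text for submodules whose URL uses SSH and reports the HTTPS equivalent. The sample file content, including the submodule path and SSH URL, is constructed for illustration and may differ from the real repository file.

```python
import re

# Constructed sample of a .gitmodules file with an SSH remote
# (assumed layout; the real file in the repository may differ).
SAMPLE_GITMODULES = '''\
[submodule "inceptor/obfuscators/powershell/chameleon"]
    path = inceptor/obfuscators/powershell/chameleon
    url = git@github.com:klezVirus/chameleon.git
'''

SECTION = re.compile(r'^\[submodule\s+"(?P<name>[^"]+)"\]$')
KEYVAL = re.compile(r'^\s*(?P<key>[\w.-]+)\s*=\s*(?P<value>.*?)\s*$')
# scp-style remote (user@host:path) and explicit ssh:// remote
SCP_STYLE = re.compile(r'^[\w.-]+@(?P<host>[\w.-]+):(?!//)(?P<path>.+)$')
SSH_URL = re.compile(r'^ssh://(?:[\w.-]+@)?(?P<host>[\w.-]+)(?::\d+)?/(?P<path>.+)$')


def ssh_to_https(url):
    """Return the HTTPS form of an SSH remote, or None if it is not SSH."""
    m = SSH_URL.match(url) or SCP_STYLE.match(url)
    if m is None:
        return None
    return "https://{}/{}".format(m.group("host"), m.group("path"))


def parse_gitmodules(text):
    """Parse .gitmodules text into {submodule name: {key: value}}."""
    modules, current = {}, None
    for line in text.splitlines():
        header = SECTION.match(line.strip())
        if header:
            current = modules.setdefault(header.group("name"), {})
            continue
        pair = KEYVAL.match(line)
        if pair and current is not None:
            current[pair.group("key")] = pair.group("value")
    return modules


def find_ssh_submodules(text):
    """List (name, ssh_url, https_url) for submodules referenced over SSH."""
    findings = []
    for name, cfg in parse_gitmodules(text).items():
        https = ssh_to_https(cfg.get("url", ""))
        if https:
            findings.append((name, cfg["url"], https))
    return findings


if __name__ == "__main__":
    for name, ssh, https in find_ssh_submodules(SAMPLE_GITMODULES):
        print(f"{name}: {ssh} -> {https}")
```

To run it against a real checkout, pass the contents of the repository's `.gitmodules` file to `find_ssh_submodules` instead of the sample string.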

2. Access Denied

This subtle bug is caused by the precompiled binaries of LLVM. On certain Windows distributions, clang-cl.exe fails to run due to missing DLLs.

This error shows itself with a message similar to the following:

[+] Native Artifact Generator Started At 2021-08-15 11:53:22.856704
[*] Phase 0: Loading...
[*] Phase 1: Converting binary into shellcode
[>] Transformer: Loader
[*] Phase 2: Encoding
[*] Phase 3: Generating source files using CLASSIC
[>] Phase 3.1: Writing CPP file in .\temp\tmptxs2l2rc.cpp
[*] Phase 4: EXE compilation and Signing
[>] Phase 4.1: Compiling EXE...
Traceback (most recent call last):
  File "C:\Users\Administrator\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 202, in generate
    self.generate_wrapped()
  File "C:\Users\Administrator\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 241, in generate_wrapped
    self.compile_exe(shellcode)
  File "C:\Users\Administrator\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 156, in compile_exe
    status = self.compiler.compile([self.exe_writer.outfile] + self.obj_files)
  File "C:\Users\Administrator\inceptor\inceptor\compilers\Compiler.py", line 63, in compile
    output = subprocess.check_output(cmd)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python39\lib\subprocess.py", line 424, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python39\lib\subprocess.py", line 505, in run
    with Popen(*popenargs, **kwargs) as process:
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python39\lib\subprocess.py", line 951, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python39\lib\subprocess.py", line 1420, in _execute_child
    hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
PermissionError: [WinError 5] Access is denied

The official solution in these cases is to re-compile LLVM-Obfuscator using MinGW. Instructions on how to compile LLVM on Windows can be found here.